| Author |
Message |
    
BBV Admin
Board Administrator
Username: Admin
Post Number: 2843
Registered: 12-2004
Best of Black Box? 
Votes: 3 (A keeper?) | | Posted on Monday, November 28, 2005 - 10:03 am: | 
|
California protocols sent to Black Box Voting when they invited us to do the test Nov. 30:
- The media cannot attend
- The public cannot attend
- The number of people we can bring is so small that we cannot bring our attorney or a court reporter
- We cannot videotape, record, or keep explicit notes on it
- We cannot retain our own work product
- We cannot tell anyone what happened in the test
The citizens of California deserve better than this. The elections officials throughout the US and Canada, in the 1,200 jurisdictions that use Diebold, also deserve better. They, we, all of us, have a right to know the truth about the process, the findings, and the result.
Black Box Voting will publish an update later today on the status of this test. |
Denise Giffin
Voting Rights Forum Participant
Username: Countercultured
Post Number: 2
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 11:21 am: |
|
If they're trying to avoid looking suspicious, I think they completely failed that task.
You can fool some people sometimes, but you can't fool all the people all the time . . .
|
Voice of Reason
Voting Rights Forum Participant
Username: Voiceofreason
Post Number: 1
Registered: 11-2005
Best of Black Box? 
Votes: 1 (A keeper?) | | Posted on Monday, November 28, 2005 - 11:35 am: |
|
For goodness sake, the only way a system can be hacked on election day is the way the SoS proposed you conduct the test. Put up or Shut Up. If you can perform the hack as per the "real world" scenario then do it and prove everyone wrong. if you can't, then shut up and find some of cause to blow hot air about.
I have worked in system design and security for private and public sector companies for years. The greatest security threat is internal, NOT EXTERNAL. Your "experts" should know that. Are you concerned the election will be tampered with it would be done internally, and a hack is not necessary. It is then up to the election officials to monitor and police the system. If you think a person can walk into a polling place and hack an OS or TS, then PROVE IT according to the SoS testing procedures.
If you want to get the keys to the system, spend 12 hours messing it with to get it to say Hello World, then claim you have ahacked it, your nuts! That doesn't prove a darn thing. Give me the keys to your car and I will change all your radio station presents, does that mean I hacked your radio?
Time for you guys to put up or shut up. |
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 1976
Registered: 12-2004
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Monday, November 28, 2005 - 11:38 am: |
|
Please contact the Secretary of State's office and express your concerns. POLITELY ask that this testing be open to the public and let them know in no uncertain terms that they will not be trusted otherwise!
Secretary of State's Office
1500 11th Street, 5th Floor
Sacramento, CA 95814
Phone: (916) 657-2166
Fax: (916) 653-3214
E-Mail: elections@ss.ca.gov
* To contact the Fraud and Investigations Unit, please call (916) 657-2166 or you can lodge a recorded complaint by calling 1-800-345-VOTE.
Click here for all California County elections officials contact information.
PAV ;-) |
Denise
Voting Rights Forum Participant
Username: Countercultured
Post Number: 4
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 11:45 am: |
|
Voice of Reason, nobody will listen to people who try to reason impolitely.
You can fool some people sometimes, but you can't fool all the people all the time . . .
|
Voice of Reason
Voting Rights Forum Participant
Username: Voiceofreason
Post Number: 3
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 11:48 am: |
|
In all of the testing I have participated in or completed, we NEVER allowed the genereal public to look under our security hood, that is stupid!
Additionally, stop complaining they are not allowing you to video tape, record, provide poeople, etc. They will, and have to by law, provide you with all materials, not directly affecting security, through the freedom of information act. They have already offered to provide everything for free. |
James Zukowski
Frequent Voting Rights Forum Participant
Username: Jimz
Post Number: 162
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Monday, November 28, 2005 - 12:30 pm: |
|
Please keep in mind that this in not a vendor test as part of the product development procedure. This is a test to convince the CA SoS to (re-)certify the Diebold equipment for use in public elections, at public expense, for the public good from a private firm. If the State of California is going to spend the people's money on this stuff, the people should be able to be sure they're getting their money's worth.
Peace!
James Zukowski
The people who cast the votes decide nothing. The people who count the votes decide everything.
|
John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn
Post Number: 270
Registered: 04-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 12:53 pm: |
|
Clearly, Voice of reason has not read the report by Harri Hursti. Or, he/she would realize Hursti attack is particularly well suited for an insider.
Keep in mind the definition of insider here is quite broad. Insider is anyone who can have a memory card inserted into a precinct optical scanner. Either personally at the precinct, by adding the memory card to the pool created for distribution to the precincts, or as the local memory cards are transfered to the central tablator.
This last is especially good for the absentee ballot process which produces none of those pesky precinct tapes to contradict your GEMS tabulator report.
Absentee voting is anywhere from 10% of the vote to 100% in Oregon.
(Message edited by johnwashburn on November 28, 2005)
John Washburn
Only bad software is delayed by good testing.
|
Voice of Reason
Voting Rights Forum Participant
Username: Voiceofreason
Post Number: 7
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 1:20 pm: |
|
That is my point. If only an insider can hack the system, then it becomes an Election Official security/policing issue, not a HACK issue. It is important to get the threat-type correct. Insider security risks are known as INTERNAL THREATS, not hacking.
BTW, the test is off. Official word from SoS is that terms could not be agreed to and Hirsi would not agree to perform the test for BBV. |
Jim March
Voting Rights Forum Participant
Username: Jimmarch
Post Number: 64
Registered: 01-2005
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Monday, November 28, 2005 - 1:21 pm: |
|
"Voice of Reason":
Look at the timeline.
The Hursti/BBV report was published almost six months ago. Before the final copy was even done, based on the preliminary report, we asked the California SecState's office to look at the same issue - that was on 6/16/05.
BBV report (final cut):
http://www.blackboxvoting.org/BBVreport.pdf
Our formal request of 6/16/05 - note that the state law we cite *requires* them to do so in a reasonable period of time:
http://www.bbvdocs.org/records/19202requestdiebold.pdf
Almost six months later, the California SecState's office sets up this "planned hack".
The proposed "test" is for a new machine we did NOT request and that California hasn't certified - and it's not certain they ever will. A machine Diebold has had six months to prep up special for us, and a system they hand-selected per the first draft of the "proposed protocol":
http://www.bbvdocs.org/records/proposedhurstidemo.pdf
This is on top of the rest of what's wrong with the first draft proposed protocol.
Now, what's wrong with this picture?
----------
It's funny you should use a talking point that has been a specific Diebold turn of phrase in discussing the Leon County BBV/Hursti hack - the idea that we were "handed the keys" and "given passwords".
We were given NO passwords. No passwords were needed -- and that should give you an idea of how shoddy their programs are.
We had *physical* access to the machines, the same as many election officials and staff has and Diebold's on-site support staff as well.
You're absolutely right that the big threats are internal. No question. What Hursti found is that the audit trail records that are the ONLY real block to internal fraud can be faked, a situation that would be intolerable with any semi-professional accounting package, never mind the software a bank uses for wire transfers and the like.
THAT is the standard that needs to be applied in the world of voting...and yes, publicly documented encryption protocols are ALL that a bank will use because those are what are secure.
I recommend the following as a primer on security and transparancy:
http://en.wikipedia.org/wiki/Security_by_obscurity |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 3
Registered: 11-2005
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Monday, November 28, 2005 - 1:42 pm: |
|
I just wanted to let you all know that when you call SoS office at 916-653-6814 you then must push #6 then push #2 to go directly to McPherson's office.
I just got off the phone with his receptionist, I bet she was glad to get off the phone with me,and before talking to her I call the voting division. I did this by pushing #6 and then #3. The receptionist told me to write the SoS and I told her I have and I will again. I also insisted that she give my phone message to him also. She said she would. (yeah, and I have some swamp land to sale too ;-(
In the voting department they connected me with the voice mail of Bruce McDonald, he is out at a conference for 2 days, the Systems Specialist. I left a message asking why the info on the test is not clear and during testing the public can not attend. Who's ass are they protecting, Diebold? (I did leave that in my message) However, I did tell him that I thought it was not responsible to the public, that pays his wages, not to return my call. I deserve some answers to my question. Also, that he would feel the same way if he were in my shoes. (Okay alittle hokey, but you do what you can to stir some emotion from these people ;-)
Please call and give-them-hell. We have to fight to keep this state from being called another Ohio, or Florida. Hell! We have to fight the facsists. (Okay, there I said it. Don't think me radical. Just know I am passionate...)
The people who cast the votes decide nothing.The people who count the votes decide everything-Stalin
|
BBV Admin
Board Administrator
Username: Admin
Post Number: 2845
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 2:03 pm: |
|
Michelle,
Way to go! Thanks for the info on how to actually reach the SOS's office. I'm sure this info well help others do the same as you did in making your voice be heard. (It never ceases to amaze me how difficult it usually is for the public to reach those who serve us.)
Don't apologize for your passion, it's necessary and inspires others to take action.
Kathleen Wynne |
John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn
Post Number: 271
Registered: 04-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 2:33 pm: |
|
Also Voice of Reason misses the main discovery by Harri Hursti.
This undocument, yet vital, compiled basic program EXISTS at all! You remove the .ABO file there is no Zero Tally Report at the beginning of the day. There is no End of Day Tally report. This is because the named, callback functions are missing.
This use of an UNDOCUMENTED program compiled in a proprietary language violates even the 1990 NASED/EAC/FEC standards section 5.1.
The undocumented, compiled basic program is unlimited as to what the programming can do to the reports, LCD display, and the memory on the memory card. All that is required is the 6 named call back functions exist.
It is astounding you do not find this troubling.
Here in Milwaukee, WI the election commissioner, Julietta Henry, programmed the 212 memory cards for the City of Milwaukee. She then signed off on the 5.94 testing as well!
While Ms. Henry is using the the other set of code from the Urosevich brothers (ES&S), there is probably another election director of a major metropolitan area which is doing exactly what Ms. Henry was doing until May, 2004. Even if everyone else is scroupulously honest an election official in Ms. Henry's situation can steal any election without a trace.
Yes, insiders are a significant problem!
John Washburn
Only bad software is delayed by good testing.
|
John Washburn
Frequent Voting Rights Forum Participant
Username: Johnwashburn
Post Number: 272
Registered: 04-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 2:50 pm: |
|
I have a question for Harri. If the only requirement is the 6 callback functions, which callback function is executed if there are 2 .ABO files on the memory card?
I am sure the programming, assumes there can only be one .ABO file on the card. If there are 2, I would presume the optical scanner firmware would call one .ABO file in preference to the other. The questions what is the preference?
Assume the preference is "first" .ABO file by name.
It might be a simplier attack to simply ADD a file named 000WI.ABO instead of changing the file 195WI.ABO. Thus, the ABO file checks on 195WI.ABO would pass all verifications (MD5 or SHA hashes, CRC-32, File size, etc.) But, 000WI.ABO comes before 195WI.ABO. The unsupported speculation here is 000WI.ABO is executed in preference to 195WI.ABO. Thus, the .ABO file tested is not the .ABO file which executes.
There is the further possibility the programming in the callback function for the End of Day Tally report could delete the file 000WI.ABO as the function's last token interpreted. This would remove the code which actually ran on election day. All that then remains is the "correct" file on the memory card, 195WI.ABO.
I am assuming there is no file locking issues under this second speculation about the added .ABO file deleting itself. An assumption which could easily and is most likely false.
But, both are tests worth executing.
John Washburn
Only bad software is delayed by good testing.
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1236
Registered: 12-2004
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Monday, November 28, 2005 - 3:30 pm: |
|
VoiceofReason: "For goodness sake, the only way a system can be hacked on election day is the way the SoS proposed you conduct the test. Put up or Shut Up. If you can perform the hack as per the "real world" scenario then do it and prove everyone wrong. if you can't, then shut up and find some of cause to blow hot air about."
I can't believe you would post such an uninformed comment on this website, and simultaneously claim to have some IT expertise. You think there's only one way to hack a voting machine on election day???
The holes in the SoS "hack" proposition were gaping. They reminded me of that guy--sorry I can't remember his name but it starts with an "S"--who has this bet for someone to hack into his proprietary evoting machine, but with ridiculous one-sided protocols that rig the whole thing in his favor and you can see this a mile away. (A number of us exposed this sham in some detail.)
But I digress. VoiceofReason are you actually saying the SoS proposed guidelines seem fair to you? That Diebold should be able to hand-pick a machine for this proposed test? That BBV should have to notify them in advance of every exploit they plan to test? Would a real hacker do this? Er--I rather doubt it, but maybe you and I live on different planets.
Are you saying that a voting machine on which our democracy depends should be tested in private, and that the test should come with a gag order? How on earth does testing secrecy of this kind serve we the people?
Maybe you're great at writing code or stringing together a network--but I sure wouldn't want you in charge of anything that demanded simple common sense. To be honest I don't think anyone who really has any IT expertise would make the statements that you have.
You also seem to have missed the point that BBV was asking the SoS to respond to Diebold's failure to comply with court orders. Do you think vendors should be able to ignore court orders? And do you think a SoS should be willing to consider using a vendor who disobeys court orders?
And do you think a SoS should be allowed to break CA election laws and ignore their own regulations? Just where do you draw the line in terms of competence (or outright negligence) regarding the office of SoS?
And I hope you won't answer this until you're using your proper name. |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 4
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 3:31 pm: |
|
Hey you all can listen to Brad from Bradblog talk about BBV on the Peter B. Collins show at ;http://www.krxa540.com/
He is great for California news
The people who cast the votes decide nothing.The people who count the votes decide everything-Stalin
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1237
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 3:38 pm: |
|
Michelle,
Thanks for the heads up.
Hey--is that you on the air right now? Yes, it is! Cool! |
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 1979
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 3:44 pm: |
|
Way to go Michelle! Thanks for the heads up. I just love 'interactive media'.
Catherine, his name is Michael Shamos.
PAV ;-) |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 6
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 3:53 pm: |
|
I did information in on BBV that was cool.
Peter is great!
Oh, yeah I sounded funny.
:-)
The people who cast the votes decide nothing.The people who count the votes decide everything-Stalin
|
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 7
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 3:55 pm: |
|
correction;
I was able to get information about BBV.
(oops on the prior post.)
The people who cast the votes decide nothing.The people who count the votes decide everything-Stalin
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1238
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 4:10 pm: |
|
Pat--yes, that's the guy I was talking about.
When I saw the SoS/Diebold's preconditions, it reminded me of Shamos's "test" offer. Ridiculous. They're just looking for a way to spin this as "Oh, but we offered to let them test the system." |
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 1981
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 4:40 pm: |
|
Yeah, here's Mr. Shamos's challange,
The DRE Tampering Challenge
I do not believe it is feasible in practice to tamper undetectably with a well-designed direct-recording electronic (DRE) voting machine. To demonstrate my conviction, I am willing to bet $10,000 at 2:1 odds with anyone under the following conditions:
1. I put up $10,000; you put up $5,000. The combined $15,000 is held in an escrow account.
2. I choose the DRE machine and lend it to you. You have one month to do anything you want to it. At the end of one month you bring it back to me.
3. I get one day (24 hours) to inspect it. I can do anything I want to it during that time. At the end of one day I will state either: (a) you have modified this machine and here is an example of what you changed; or (b) this machine will count votes correctly.
4. If I’m right, I get the $15,000. If I’m wrong, you get the $15,000. If I choose (a), I have to demonstrate at least one modification you made. If I can’t do that, I lose. If I choose (b), you have to show me a sequence of votes, within the operating parameters of the machine, that will not be counted correctly. If you can’t do that, you lose.
5. Determination of the winner will be by an independent observer agreeable to both parties. If we cannot agree in advance on such a person, the challenge does not take place. The observer will have control over the escrow account.
6. Rebecca Mercuri has claimed that this challenge is ineffective since you might have to engage in illegal activities to discover how the machine works. This is not correct since you will be operating under a letter of permission from the vendor of the machine granting you the right to disassemble, reverse engineer, or defeat copyright protection mechanisms (if any), etc. You will not be given plans, diagrams, schematics, flowcharts, or code.
7. The loser pays all costs of conducting the challenge.
8. Except for provisions 6 and 7, this challenge has been in effect since 1996 under the above terms and no one has accepted it.
Michael I. Shamos
Pittsburgh, PA
August 2, 2004
What a joke! Notice that he hides behind the words "well designed". We all know that's not the case with the current crop of crap we're using. Mike should give us his version of a "well designed" system and let us go to town on it.
PAV ;-) |
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 187
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 5:24 pm: |
|
Voice of Reason said, "BTW, the test is off. Official word from SoS is that terms could not be agreed to and Hirsi would not agree to perform the test for BBV." Does anyone have any information on this? It sounds like more misinformation from the SoS office. Notice that it says that "Hirsi (sic) would not agree to perform the test for BBV". I imagine that the truth is that Harri refused to conduct the test under the demands of the SoS and Diebold. Inquiring minds want to know more.
Information Manager, VotersUnite.org
|
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 1986
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 10:28 pm: |
|
Hi John, It occurred to me that the wording of section 19203,
"19203. The Secretary of State may make all arrangements for the time and place to examine voting equipment proposed to be sold in this state.
He or she shall furnish a complete report of the
findings of the examining engineers to the Governor and the Attorney General."
coupled with the provisions outlined in section 19206,
19206. For the purpose of assistance in examining a voting system the Secretary of State may employ not more than three expert electronic technicians at a cost to be set by the Secretary of State.
The compensation of the electronic technicians shall be paid by the person or corporation submitting the machine or device.
The Secretary of State may require the person or corporation submitting the machine or device to deposit sufficient funds to guarantee the payment of the examination charges. The Secretary of State may deposit the funds in an appropriate treasury trust account and, within 30 days after his or her report of examination, draw a refund check to the credit of the person or corporation for any amount in excess of costs.
may give us a few clues as to their intent.
The use of the word may rather than shall in the bolded section of 19203 above appears (to me) to give the SoS the option to "make all arrangements for the time and place to examine voting equipment proposed to be sold in this state" It does not seem to give him the sole right to do so. OTOH, since there is no other option outlined in the statute as to who else might make such arrangements, it might also be interpreted as an 'out' so as to not call for the testing at all.
Since the SoS has opted to conduct such a test, section 19206 gives the SoS the option to "employ not more than three expert electronic technicians" at the expense of the company whose equipment is subject of the testing.
This has the appearance of a gamble on the part of the SoS's office. Since he scheduled the meeting and 'claims' to have 'hired' Harri Hursti, as evidenced by the wording of the press release, he might try to call in his own 'technician' at the last minute to salvage the 'scheduled' test since Harri was 'unavailable'.
The problem with this gambit is that unless his office can show proof that they contacted Harri before they scheduled the test, (they can't because they didn't) this will turn into a PR nightmare and he may find himself the subject of an ethics probe for misuse of his office.
That's my guess anyway. I can't wait to see how it plays out. Either way, if his office can't schedule a simple meeting and get it right, how can we trust them to schedule an election?
PAV ;-) |
Jo Anne Karasek
Voting Rights Forum Participant
Username: Jo_anne_karasek
Post Number: 41
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 10:42 pm: |
|
"19206. For the purpose of assistance in examining a voting system the Secretary of State
"may" employ not more than three expert electronic technicians at a cost to be set by the Secretary fo State."
The use of the word "may" is legalese in legislative drafting/writing to mean that they can, but they don't have to. If the legislature wants to say they must, then they use the word "shall". |
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 1987
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, November 28, 2005 - 11:09 pm: |
|
Correct. That's why I pointed it out. I'm not certain that there are no other relevant sections in the new code that may allow others to compel such testing.
If not, this law is actually quite toothless. Bruce could have just said no and left 'the people' with no legal recourse.
PAV ;-) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1239
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 1:47 am: |
|
Diebold may have convinced the SoS that they could spin the PR on this to try and discredit BBV/Hursti and make it look like BBV wasn't willing or able but they (Diebold & SoS) were willing and able to have a test.
Explaining the BBV position means getting into technical details of why the setup was unrealistic. But for the SoS & Diebold it's a much easier spin--"we offered but they refused."
So it's crucial for those who know about the circumstances to be vocal and to take the initiative.
Maybe folks should be actively getting this out to the media--CA SoS attempts to set up fraudulent testing conditions; SoS protects Diebold not voters, etc. |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 9
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 3:11 am: |
|
Catherine,
Just to let you know that is what I did yesterday (11/28/05) and I have be trying to do this early morning. I will be back at it later today to.
You can go to Bradblog here
(http://www.bradblog.com/archives/00002087.htm#comments )and read/listen to the radio show clips posted.
We just need more help.
I posted this info at SoCal Grassroots, Alliance for a Better California, SpeakOut California,and Crooks and Liars. I will make some calls tomorrow and I have a few more posts to do and then off to bed for a couple hours of sleep.
The people who cast the votes decide nothing.The people who count the votes decide everything-Stalin
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1242
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 4:03 am: |
|
Well done.
I hope some of the folks in other states do the same. Diebold would quickly attempt to use this in other states to spread misinformation. (E.g., try to reassure other SoS's that BBV wouldn't take on their "challenge" in an attempt to discredit BBV, when Diebold & the SoS are the ones who should be discredited for attempting to set up such an obviously phony "test" situation.) |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 10
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 4:30 am: |
|
Catherine,
I am going to bed now, but please keep up with things for me. I really appreciated your encouragement this morning (I mean "Early")! It helped me to find a sight of this guy " John Myers is Sacramento Bureau Chief for KQED's "The California Report", heard on 24 public radio stations including 6:50 and 8:50 a.m. every weekday on 88.5 in San Francisco and 89.3 in Sacramento", and I emailed him with the info too.
Damn, I am going to be hurting when I take my daughter to school this morning. I think I can catch some ZZZZZZZs. ;-)
Thanks Again Catherine
The people who cast the votes decide nothing.The people who count the votes decide everything-Stalin
|
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1243
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 5:11 am: |
|
Michelle,
What you are doing is hugely important. A timely response is crucial because 1) it's more likely to be considered as "news" and 2) it's crucial to preempt how Diebold or SoS may try to spin this.
I listened to the radio program (thanks to your mention of it). That spokeswoman from the SoS office was worse than pathetic. That office is obviously not supportive of CA citizens. The way she avoided all the questions about the relative numbers of people opposing the use of Diebold machines (virtually everyone who showed up) and the numbers who wanted Diebold (1 official?)--yet she kept avoiding answering this most simple of questions even though she was at the meeting in person--was disgusting and inept. I hope some folks here go to BradBlog.com and listen to the clip of this interview if they didn't get to hear the live program. It is truly amazing.
Bruce Sims suggested some kind of recall effort for several top CA officials. If CA voters recall the SoS can we get a new spokesperson, too? Someone who might be willing to tell the truth and not cover up?
This is disgraceful beyond belief. |
Jim March
Voting Rights Forum Participant
Username: Jimmarch
Post Number: 65
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 7:59 am: |
|
If it's not clear yet, the main thing wrong with Shamos' challenge is that it doesn't replicate the most likely conditions for a hack.
It assumes that an outside party tries to tamper with a system and then a very technically competent elections official tries specifically to detect it.
The MOST likely scenario is that a moderately technical elections official or staffer or vendor field-tech tries to tamper using fairly simplistic methods, such as MS-Access database manipulation, a Visual Basic script or the like. And then *nobody* checks afterwards; for one thing public access to the electronic records post-election is blocked when they claim the data files are "trade secrets" as is happening right now.
Under THOSE circumstances, is tampering possible?
Hell yes. |
BBV Admin
Board Administrator
Username: Admin
Post Number: 2849
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 9:07 am: |
|
In fact, note the word "outside" or "outsider" in many of the media releases and explanations.
It is not true that all systems are equally vulnerable to inside attack, or that being an insider automatically will give you free rein to manipulate an election regardless of the system.
The Diebold system is designed for inside fraud. The audit logs don't function as they are supposed to. There is no reason you can't make an audit log that auto-numbers each entry, making it difficult to purge and renumber the transactions. Diebold skipped this feature.
There is no good reason to use MS Access and unpatched Windows. Other vendors don't do that.
There is no justifiable reason to execute logic on a credit-card-sized ballot box.
The truth is, the Diebold system is designed for inside tampering. Thus, the efforts to frame everything towards outside hacking. |
Craig Lister
Voting Rights Forum Participant
Username: Voiceofreason
Post Number: 10
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 9:41 am: |
|
Jim, I know the timeframe, I have read Harri's report. I do not work for, nor am I associated in any way with ANY vendor, so don't try to taint credibility with that argument, stick to the facts.
The SoS has made an offer under reasonable circumstances. Do it now, or do it in 6 months, the result will be the same. Of course you should use the proposed system, that is the one pending certification! The other systems you are proposing will not be used in polling places.
I agree you should be allowed to use a system off the production line and not one specifically prepared or provided by Diebold, or any vendor, unfortunately that won't happen because they have not been certified and therefore don't exist. Why don't you propose getting one from another state who has purchased the system and taken delivery, it can't happen here in Ca.
And, if you respond to nothing else here, please answer me this: If you are so interested in protecting MY vote, why are you only focused on Diebold? I don't even vote on a Diebold machine! |
BBV Admin
Board Administrator
Username: Admin
Post Number: 2851
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 10:06 am: |
|
Craig --
We are not only focused on Diebold. Please see the expose of Sequoia in the Palm Beach County audit records (document archive, election records). We believe that the core problem is with the federal testing labs, who clearly have been recommending systems that violate FEC standards.
We want all voting systems that went through Wyle Labs and Ciber Labs re-examined with red team attacks.
These tests should focus on the most likely form of attack -- inside access.
Note that the Hursti study shows that current procedures used in much of the US with Diebold optical scans leave it wide open to inside tampering by POLL WORKERS.
IN San Diego, machines for 713 precincts were sent home with poll workers. In our county, the same applies to over 500 precincts.
These machines counted nearly one-third of the votes in the presidential election, and there were approximately 2 million poll workers. Obviously, a system which allows election results to be manipulated electronically and without detection by poll workers is not appropriate for use in elections.
You make several erroneous statements. One is that the machines currently in use in California won't be in use for the next election. Please cite a source for that -- the counties don't have the money to buy entirely new systems for their next election. You can bet the current systems will still be in use for the June primaries. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1249
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 10:09 am: |
|
"The SoS has made an offer under reasonable circumstances." The trouble is that the offer he made isn't reasonable. The preconditions suggested by the SoS would make a fair test impossible (e.g. having to tell the vendor ahead of time what exploits were going to be carried out).
It's not right to "use the proposed system, that is the one pending certification" since it is already clear that this equipment would not pass the CA standards and should not be considered. BBV is not an ITA. It makes sense for BBV to spend its time testing equipment that has at least passed the ITA/FEC testing, weak as that is.
BBV is not "only focused on Diebold." The Hursti paper focuses on the Diebold optical scanner because that's what was used in the one and only county so far to allow a test on actual election equipment to take place. The Hursti Report noted that similar issues may exist on equipment made by different vendors. That's why BBV ensured that counties that used relevant equipment (not just Diebold) received the Hursti report, and that's why subsequent PRRs were also sent to all relevant counties--many of which do not use Diebold. Try out the Advanced Search feature on the left-hand side of the page and you'll find lots of discussion related to vendors other than Diebold.
There's a separate issue re: Diebold, which is the court orders imposed on Diebold by a CA judge. Diebold has not done what the court required. BBV has formally requested the CA SoS to take action but I am not aware that the SoS is doing anything to ensure that the court order on Diebold is enforced. Under these circumstances it is all the more inappropriate to be considering any equipment by this vendor as long as they are engaged in flouting the law. |
Jim March
Voting Rights Forum Participant
Username: Jimmarch
Post Number: 66
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 10:16 am: |
|
Craig,
We are NOT focused solely on Diebold. Whether you realize it or not, YOUR position focuses only on Diebold!
OK. You claim it reasonable that only the next-to-be-certified variant (1.96.6) be tested, and the ONLY thing about it tested is the exact same hack that we showed six months ago under the current version (1.96.4).
Diebold may have patched this one thing at least somewhat in the 1.96.6 version. Their release notes for .6 don't suggest that, but they might have. Then again, .6 being uncertified, there's no guarantee they won't come up with a "special" .6 just for us at BBV to beat our heads against but let's ignore that for now.
Let's also ignore the fact that the original test protocol you call "reasonable" wouldn't let us "kick the tires and hack at it" if they changed things slightly but still left a hole. I personally do NOT call that "reasonable" at all. But we'll ignore that.
If 1.96.6 has had this specific hole fixed, that doesn't answer the question of "should we use Diebold or not?"
On the contrary, it leaves two more questions, one not even connected to Diebold:
1) Why did Diebold engineer such an obvious back door?
2) How did the Federally approved testing labs miss this!?
The second question is critical to ALL of the voting systems, not just Diebold.
Two large corporations are approved as "independent testing authorities" by the Federal Elections Commission: Ciber Inc. and Wyle Labs. But each one handles the actual testing in tiny offices in Huntsville, AL, and each under the control of one low-level manager: Jim Dearborn at Wyle and Shawn Southworth at Ciber. Southworth's facility is no bigger than a 7-11 convenience store and the section of Wyle dealing with voting machines appears to be similarly staffed. These two have control over the entire certification process as their labs are the ones hired by all the major players, not just Diebold: ES&S, Sequoia, Hart, etc.
What the initial test protocol proposal would have done would be to give these guys a "pass": "oh, don't worry, BBV couldn't duplicate the exact Leon County hack with the new system so it's aaaaaall better now!"
No it isn't. How many security holes in Diebold and all the other vendor's systems got past the Federal oversight process?!?
That is not reasonable.
It should also be noted that we're not the only ones blaming the test labs for at least a big part of this *entire* fiasco across multiple vendors.
During the summer of '05 the California SecState's office did a "volume test" of the newest Diebold touchscreens. They weren't testing security, but rather basic functionality in a heavy-load election-day-simulation environment.
Of the 96 machines tested, 34 had at least some failure. This led to the TSx ver.4.6.3 failing it's certification attempt.
In the report on the aftermath of this failed test, the California SecState's technical advisory panel had this to say:
---------
Under one possible interpretation of the standards, the failure rate observed during these
tests was more than 10 times higher than permitted by federal standards (which require a
163-hour MTBF). The failure to detect this fact during the ITA’s testing process appears
to be due to serious defects in the testing methodology specified by federal standards.
One lesson of this analysis is that the testing performed during the federal qualification
process is apparently inadequate to ensure that voting machines will be reliable enough
for use in elections.
Source:
http://www.ss.ca.gov/elections/voting_systems/vstaab_volume_test_report.pdf
---------
In other words: testing process failure.
Oooops.
(Message edited by Jimmarch on November 29, 2005) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1253
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 10:36 am: |
|
(from BBV admin - thanks, Catherine. Resolved.) |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 654
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 9:15 pm: |
|
Well, I'm late to this party but many kudos to Michelle.
Besides the obviously staged opportunity to fail, I wonder if having the publicity be focused on the 'hacking' is intended as a 'red herring' when it comes to the issue of certification. There are SO MANY issues regarding this voting system that it would be sad to have the public lose sight of that very basic fact because of the 'glitz' associated with 'hacking'.
Regards the recall of McPherson,Hench, and McCormack, here's the code sections applicable:
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=32694629476+4+0+0&WAISactio n=retrieve
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=32694629476+18+0+0&WAISacti on=retrieve
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=32694629476+2+0+0&WAISactio n=retrieve
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=32694629476+1+0+0&WAISactio n=retrieve
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=32694629476+11+0+0&WAISacti on=retrieve
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=32694629476+6+0+0&WAISactio n=retrieve
This is where I misunderstood the '30 days' requirement, Catherine:
http://www.leginfo.ca.gov/cgi-bin/waisgate?WAISdocID=32694629476+14+0+0&WAISacti on=retrieve
(and I hope voiceofreason realizes that the chances for 'internal' 'hacking' are significantly increased because-for instance- in San Diego no background check is done on any poll workers(including 'precinct captains') and they have the machines for up to 3 plus weeks before the election in their private possession; such ,from what I understand, is a common practice in CA)) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1257
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, November 29, 2005 - 10:57 pm: |
|
The link re: '30 days' requirement doesn't work.
Are you saying that there for sure isn't a 30-days requirement? So we can commence a recall effort at any time? Please confirm!  |
Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl
Post Number: 173
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 30, 2005 - 4:52 am: |
|
Voiceofreason, how many hackers would tell you just what they're going to do? Get real! |
Edward Robles
Voting Rights Forum Participant
Username: Tedeger
Post Number: 8
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 30, 2005 - 5:25 am: |
|
Has anyone else noticed this? Apparently NC has some backbone - and its a red state!
N.C. Judge Declines Protection for Diebold
RALEIGH, N.C. - One of the nation's leading suppliers of electronic voting machines may decide against selling new equipment in North Carolina after a judge declined Monday to protect it from criminal prosecution should it fail to disclose software code as required by state law.
Diebold Inc., which makes automated teller machines and security and voting equipment, is worried it could be charged with a felony if officials determine the company failed to make all of its code — some of which is owned by third-party software firms, including Microsoft Corp. — available for examination by election officials in case of a voting mishap.
[Remark]
Uh huh- don't want to release the code so that it can be examined and vetted, see, 'cause THEN people would see the obvious backdoor we built in, and that the software is riddled with bugs. Can't have THAT, can we.
The above is copied from a post on John Conyers' blog. But it DOES seem to be a step in the right direction; Have any other States put in the same legal language NC has? |
Edward Robles
Voting Rights Forum Participant
Username: Tedeger
Post Number: 9
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 30, 2005 - 12:52 pm: |
|
Another thought; this could be quick, especially since Arnold almost didn't get to vote because of an effed-up machine; he'd likely sign such a Bill in spite of the machine design that probably casts a third (or more) Democratic votes for Rethuglicans. Get a friendly Assemblyman and Senator to introduce identical bills and get 'em to the floor quickly,as follows:
"In Section 19203, wherever the word "MAY" appears, it shall be stricken and the word "SHALL" substituted for it. This change will take effect upon being signed by the Governor, or otherwise becoming law."
In dealing with Bureaucrats, remember that they ALWAYS follow the LETTER of the Law, NOT the SPIRIT. |
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 1993
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 30, 2005 - 1:55 pm: |
|
Ed - Actually the system worked as it should. Arnold almost didn't get to vote because the electronic poll book noted that he had already voted. Apparently a poll worker had used his name during a training session rather than one of the names on a list provided to them.
That makes me wonder if the 'test' names on the list were bogus, and if so, why were bogus names loaded on the 'active' voting register? I also wonder if they were removed after the 'test'. At least one test name didn't get used, and if it wasn't removed before the election, whoever knew that name could have voted twice with no problem. I wonder if anyone else decided to ad-lib and used the name of someone they knew instead of one from the list? And what of the test votes that were cast? Can anyone be absolutely sure that they weren't counted as 'early' votes?
Sounds like a dangerous practice to use the live registration database for testing of this sort.
PAV ;-) |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 658
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, November 30, 2005 - 4:40 pm: |
|
Yes, Catherine and everyone else; the code reads that there are 160 days to get the signatures if the number of voters in the 'district' is over 500,000;so all 3 are eligible for the 160 days to get the required number of signatures; what's funny is the code is written as though the SOS will never ,ever be the subject of a recall petition(and yes, just because he was appointed rather than elected doesn't make any difference). |
