| 11-18-05: Fasten your seatbelts - It'... |
|
| Author |
Message |
   
BBV Admin Board Administrator Username: Admin
Post Number: 2748 Registered: 12-2004
Best of Black Box?  Votes: 6 (A keeper?) | | Posted on Thursday, November 17, 2005 - 2:50 pm: |
|
Two testing labs in Huntsville, Alabama need to be visited by people with badges, guns and search warrants. The small offshoot office of Ciber Labs, run by Shawn Southworth, and the Wyle Labs office which has been supervised by Jim Dearman, are responsible for repeatedly certifying defective voting machines that violate Federal Election Commission standards.

1. New California report confirms that a security problem identified by Harri Hursti affects both touch-screens and optical scans – Diebold Election Systems’ whole product line.

2. Records obtained by Black Box Voting show that Diebold executives lied to the Arizona Secretary of State, the Cuyahoga County Board of Elections, and to hundreds of elections officials throughout the U.S. about the existence of specific defects.

3. Ohio Secretary of State Ken Blackwell withheld crucial information on security defects from other secretaries of state, from the Election Assistance Commission (the EAC; federal overseers), and Ohio’s election officials.

4. Evaluations conducted by Black Box Voting in San Joaquin, Marin, and Alameda counties (Calif.) reveal that a critical paper audit component is missing for all absentee and mail-in ballots, and also for RECOUNTS. (Black Box personnel were hired by the Libertarian Party to conduct inspections.)

5. The state of California has released a report in the aftermath of the failed testing of Diebold products, expressing horror that those products ever made it out of the federal testing labs. Dr. David Jefferson of Lawrence Livermore Labs led the panel that wrote the failure analysis report.

These issues demonstrate that voting machine testing labs may be complicit in approving defective voting systems, that a secretary of state withheld information on defects, and that Diebold has demonstrated a pattern of corrupt practices unrestrained by any oversight process at the federal or state level.
The defects

The first flaw, identified by security expert Harri Hursti, has been characterized as “the mother of all security holes.” It is an exceptionally flexible exploit that enables a person who works for the election office – or even a temp or a visiting vendor -- to change election results either by inserting a single file on the main tallying machine before the election, or by swapping a memory card during the election process.

(Example: VIDEO CLIP: Memory card handling in the dark - King County election Nov. 8, 2005, a drop-off site handling 34 precincts. Without night vision goggles, could you spot a swap? http://www.bbvdocs.org/videos/inthedark.mpg)

The second flaw, reported by Bev Harris and Dr. Herbert Thompson, is rated a "High, High, High" risk by Ohio security analysts Compuware acting on commission from the Ohio Secretary of State’s office. This problem, called the GEMS Defect, affects the “mother machine” that tabulates all the precinct and absentee votes for both optical scans and touch-screens. Despite assurances by Diebold, records obtained by Black Box Voting show that this issue has not been resolved in either California or Ohio, or apparently any of the other 1,200 jurisdictions that use Diebold, and one critical set of Compuware documents confirming this separately were suppressed by Ohio Secretary of State Ken Blackwell.

Another design defect causes all votes counted on Diebold “Central Count” absentee ballot processing machines to be retained only on the defective GEMS machine. No “poll tapes” or secondary source of data is retained, and there is no way to check whether the GEMS security defect was exploited without obtaining the GEMS vote data files, which Diebold is withholding from the public as “trade secrets.”

–Understand something here: Diebold is ordering county elections officials to withhold the files containing the final tally of your votes.
The testing labs missed other problems as well: In the latest California certification examinations, a team led by computer expert David Jefferson noted that the failure rate of machines approved by federal testing labs was 10 times higher than allowed by federal law.

It is the view of Black Box Voting that every Diebold voting machine in America should now be recalled as fast as Ford Pintos with exploding gas tanks. These machines should never have passed the testing labs in the first place. The voting machine testing authorities failed to notice security violations the size of the federal deficit, over and over and over.

Now for those who are more technically inclined

The latest certification papers in California for Diebold’s most current product line were released Nov. 14, 2005. These are more detailed than usual. To their credit, the staff and consultants at the California Secretary of State’s office have not redacted (edited out) pieces the way they did previously. These papers document two attempts at certification: a failed test involving the TSx touchscreen revision 4.6.3 and new documents on Diebold’s hasty update, the touchscreen “TSx” version 4.6.4. Black Box Voting has been told by the EAC that 4.6.4 has received a NASED certification number even though the full set of documentation from Wyle Labs hasn’t been received.

The most important parts of the new California documents are the “consultant’s report” detailing what Steve Freeman (California’s lead certification examiner) found, and the “aftermath reports” on the failed testing of the 4.6.3 TSx. Steve Freeman touched on the security implications of the Hursti/BBV report, but did not mention either the risks or any mitigation strategies for altering memory card contents by simply swapping cards.
Black Box Voting formally requested a replication of the Hursti Report for both touch-screens and optical scans, under California Election Code 19202, but – six months later – California still has not performed the test, which takes about a day.

To summarize the Hursti findings: Leon County Florida elections official Ion Sancho allowed a series of security probes of voting machines, set up for elections, one of the only such tests ever performed under real-world conditions. Armed with the same level of physical access an elections worker (or a temporary helper) would have (but with no passwords provided), Finnish security expert Harri Hursti was able to show that the memory cards can alter results reports.

The Diebold memory cards contain program code (written in Diebold’s “Accubasic,” also known as “ABasic”). Hursti discovered that this code could quickly be manipulated and that the Diebold system does not check it for authenticity. This code’s normal purpose is to control the zero reports at the beginning of Election Day, and the end-of-day ticker-tape summary of votes cast. Hursti was able to change the information that was reported, and was also able to “pre-stuff the ballot box” with votes. He put a matched combination of “plus” and “minus” votes so the total would equal the number of voters who show up.

These are serious defects

In any form of science, including computer science, after allegations are raised the next step is to independently duplicate the results. This still hasn’t happened, despite urging by M.I.T. security expert Ronald Rivest, who refers to the problems identified by Hursti as “startling” and “stunning” in letters to federal elections authorities.

California consultant Steve Freeman did confirm the following:

13. ABasic Files. AccuBasic report files are used to configure AccuVote-OS and AccuVote-TS report contents and printing in precinct count mode.
They are actually loaded into the memory cards for the AV-OS and AV-TS where their logic is executed. There are 24 report files supporting modifications to the reports for different states and jurisdictions. A few of these may provide options that are attractive to local jurisdictions as they provide variations on what summary reports are printed optionally or automatically and the order they are prepared. At the current time, the Federal testing only uses one of these files and does no source code review, leaving this to the states to verify. Within our state testing, we only verified the reports for the same file, 194US.abo, revision 1.15, and have checked the source files. Since the source file is not reviewed in the Federal testing, we have no absolute verification that the installed file found in the witnessed build (forwarded by Ciber) was created from these source files but signature information in the .abo file matches what would be expected from the source file. The source code I was given clearly does not directly affect stored votes or even the voting result content of the reports. It just sets up the report options that will be available to the operator and some operator display information that sets up the options. The .abo file given is without risk to the election results. The actual file used is selected in the AV-OS Options window of GEMS from the pulldown list in the Report field so the local user could potentially select any of these files or a modification of that file. The risk occurs in the opportunity to replace the verified file with some other .abo file (prior version, one the other existing versions installed in the GEMS/ABASIC directory, or by replacing the current code with rewritten code performing other operations.) In a certification report last year, we recommended that the unverified report files be deleted from the GEMS directory leaving only the verified files. 
The California Use Procedures should specify which files are approved for use and provide information so that the approved files may be verified. The risk involved with these files suggests that jurisdictions using this system should safeguard these files, as well as the election definition media that is used load these files to the voting machines.

Translation: Freeman is saying that the memory cards execute program logic, and he goes further: This is true for both the optical scan and touchscreen systems, and that in both systems it’s possible to insert fraudulent code. Worse, the testing lab (Ciber) isn’t giving the states enough data to confirm which set of Accubasic (.ABO) files are authentic, nor is the testing lab reviewing the source code for all variants.

Note: checking the source code on interpreted code is much easier than doing so for compiled code. Many reasonably bright children know the “BASIC” computer language and could analyze “Accubasic” code with no tools past a text editor.

Freeman’s proposed solution is to set up procedures allowing honest counties to confirm which files are authentic versus “hacked”. Which sounds okay, except that the Accubasic files can be altered outside of the GEMS server station – in the case of the TS/TSx series, the memory cards in question are standard PCMCIA cards that can be read from or written to in any laptop. The optical scan memory cards can be altered using commercially available card reader devices.

The most important things Steve Freeman says: “AccuBasic report files are used to configure AccuVote-OS and AccuVote-TS report contents and printing in precinct count mode. They are actually loaded into the memory cards for the AV-OS and AV-TS where their logic is executed.”

This directly conflicts with false statements made by Diebold on the record in a Cuyahoga County Ohio purchasing meeting (Oct. 17th 2005) recorded on video.
Freeman also explains: “The risk occurs in the opportunity to replace the verified file with some other .abo file (prior version, one the other existing versions installed in the GEMS/ABASIC directory, or by replacing the current code with rewritten code performing other operations.)”

For “other operations,” read vote fraud in any of several ways. One trick: set up the “cheat code” to be date-specific – the system will pass Logic & Accuracy testing pre or post-election just fine, but trigger pre-planned manipulations on election day.

It gets worse

This executable Accubasic code is “interpreted,” making it easier to understand and hand-edit in the field. The FEC has specific rules in place to make sure certified election code isn’t altered in the field; per both the Hursti/BBV report and Steve Freeman, these rules have been ignored.

The Diebold voting system should never have cleared certification at the Federal level. The Federal Elections Commission has now pulled its voting system standards off its Web site. However, Black Box Voting posted the FEC certification standards online at: http://www.bbvforums.org/forums/messages/2197/2383.html

The Diebold system violates both the 1990 standards and the 2002 standards. Here is the relevant portion of the 2002 standards, to which the Diebold TSx system was tested and certified:

Access controls are procedures and system capabilities that detect or limit access to system components in order to guard against loss of system integrity, availability, confidentiality, and accountability. Access controls provide reasonable assurance that system resources such as data files, application programs, and computer-related facilities and equipment are protected against unauthorized operation, modification, disclosure, loss, or impairment.
Unauthorized operations include modification of compiled or interpreted code, run-time alteration of flow control logic or of data, and abstraction of raw or processed voting data in any form other than a standard output report by an authorized operator.

The entire Diebold product line should never have cleared Federal certification because it’s too easy to cheat with it. The FEC standards were bypassed.

In another section of this latest California certification process, a team led by David Jefferson analyzed what went wrong with the earlier touchscreen code revision (4.6.3) test in San Joaquin County. They summarized their findings:

Under one possible interpretation of the standards, the failure rate observed during these tests was more than 10 times higher than permitted by federal standards (which require a 163-hour MTBF). The failure to detect this fact during the ITA’s testing process appears to be due to serious defects in the testing methodology specified by federal standards. One lesson of this analysis is that the testing performed during the federal qualification process is apparently inadequate to ensure that voting machines will be reliable enough for use in elections.

Voting machine testing labs failed catastrophically. They did not ensure that legal and secure voting systems were submitted to NASED, the EAC, or to the states. While we applaud California’s release of its functionality testing, Black Box Voting calls foul on the entire certification process (Federal and State). The Federal process is broken. The limited functionality testing performed by Steve Freeman and CompuWare hasn’t even tested for several of the known glitches (like Dr. Herbert Thompson’s VBA script attack, and Hursti’s electronic ballot box stuffing and memory card swapping techniques.) No one has corrected even the risks that have been acknowledged.

They call it professional courtesy

Even the activist scientists avoid asking that anyone be accountable.
Computer experts make excuses for each other. Elections oversight officials seem to view voting machines as a product that should be exempt from consumer protection and product liability laws. When a problem is identified that's inconvenient, they shove it under the rug. This is a government boondoggle. It won’t be solved by being politically correct.

PERMISSION TO REPRINT GRANTED, WITH LINK TO http://www.blackboxvoting.org |
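Added example, not part of the original post and not code from Diebold, Ciber or the California Secretary of State: one way to carry out the check Freeman recommends in the report quoted above, where only verified .abo files remain in the report directory and each can be compared against an approved list. The SHA-256 manifest format, the file contents and the name EXAMPLE.abo are assumptions constructed for the demonstration; 194US.abo is the file name given in the report.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_report_files(directory, approved):
    """Classify every .abo file in `directory` against the approved manifest.

    `approved` maps a lower-cased file name to its expected SHA-256 digest
    (an assumed manifest format, published separately from the machine).
    """
    findings = {"ok": [], "modified": [], "unapproved": [], "missing": []}
    seen = set()
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file() or path.suffix.lower() != ".abo":
            continue
        key = path.name.lower()
        seen.add(key)
        if key not in approved:
            # A variant nobody reviewed is still selectable by the operator.
            findings["unapproved"].append(path.name)
        elif sha256_file(path) != approved[key]:
            # Approved name, different bytes: the file was replaced or edited.
            findings["modified"].append(path.name)
        else:
            findings["ok"].append(path.name)
    findings["missing"] = sorted(set(approved) - seen)
    return findings


def demo():
    """Run the audit over a constructed directory in three states."""
    reviewed = b"constructed stand-in for the reviewed report file"
    approved = {"194us.abo": hashlib.sha256(reviewed).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "194US.abo").write_bytes(reviewed)
        (d / "EXAMPLE.abo").write_bytes(b"constructed unreviewed variant")
        as_installed = audit_report_files(d, approved)
        (d / "194US.abo").write_bytes(reviewed + b" plus one altered line")
        after_change = audit_report_files(d, approved)
        (d / "194US.abo").unlink()
        after_delete = audit_report_files(d, approved)
    return as_installed, after_change, after_delete


if __name__ == "__main__":
    for label, result in zip(("installed", "changed", "deleted"), demo()):
        print(label, result)
```

Because the post notes that the files can also be altered on the memory cards themselves, the same comparison has to be run over the copy read back from each card, not only over the directory on the GEMS machine. The manifest is only useful if it is kept somewhere the machine being checked cannot write to.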
   
Jim March Voting Rights Forum Participant Username: Jimmarch
Post Number: 61 Registered: 01-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Thursday, November 17, 2005 - 5:39 pm: |
|
Let's clarify something regarding the absentee ballot processing on any Diebold system (optical scan county or touchscreen county):

Since mid-2003, Bev Harris has been pointing out the easy "hackability" of the GEMS central tabulator database: how it can be hand-edited with a standard copy of MS-Access. We later learned that it doesn't even take Access present to do it - somebody who knows what they're doing can type a quick Visual Basic script or Java script in plain ol' Notepad as Dr. Thompson showed.

(If that's not clear yet: MS-Access is a database. The Diebold GEMS product uses Access-type data files to store your votes, and tries to keep something resembling "security" in place, such as password controls and audit logs. BUT if you load a standard copy of MS-Access (a retail program) you can edit the vote data, passwords, audit logs and everything else with NO security in place and no audit trail record. This is the infamous "GEMS defect". Dr. Thompson showed that even without the retail copy of MS-Access loaded, the remaining "stub" (the "Jet" database engine) can be controlled via simple script files typed in at the console doing the same functions as the retail MS-Access can pull. Call that "The Defect On Steroids".)

Diebold's response has always been "yeah, but then the results in GEMS won't match the end-of-day tapes at each polling place".

And it's true that both optical scan and touchscreen terminals produce a "results printout" on cash-register-type-paper showing how many votes were taken in for each candidate and/or issue. The list looks a bit like:

PRESIDENT
Bush: 46
Kerry: 50
Proposition X:
Yes: 56
No: 34

...and so on, a daily total often three feet or more worth all folded up and forming a paper audit record stuffed into the official results envelope by pollworkers.

Good feature. It's open to hacking as Harri Hursti discovered in Leon County FL but let's ignore that for the moment.
Folks, THERE IS NO SUCH RESULTS PRINTOUT (VOTING MACHINE TAPE) FOR ABSENTEE BALLOT PROCESSING.

The Diebold absentee ballot optical scanners ("Central Count") don't record the vote totals this way, even though they're based on the same hardware as a standard precinct optical scan AND they have the little printer installed! They could easily print results for each "batch" of absentees but that feature is completely turned off. By Diebold.

Which makes the original "GEMS hack" we've been screaming about since '03 a serious danger, more than Diebold has EVER admitted.

And the only reason we know is that the Libertarians were kind enough to hire us to inspect the systems in a handful of California counties.

Jim March

(Edited for clarity after review by a non-techie <grin>.)

(Message edited by Jimmarch on November 18, 2005) |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 1187 Registered: 12-2004
Best of Black Box?  Votes: 2 (A keeper?) | | Posted on Friday, November 18, 2005 - 5:35 am: |
|
This seems particularly significant since there seems to be considerable pressure to move more and more to absentee/postal ballots. Some people assume this is more reliable because there's paper involved. Yet with this bizarre situation that Jim is highlighting, absentee ballots become appallingly insecure from the standpoint of their ability to use the counting of the absentee ballots to easily manipulate an election. Combine this with the proclivity of state lawmakers or election officials to restrict access to the paper ballots for the purpose of counting or recounting, and this is a disastrous situation that will only get worse if something is not done about it. |
   
William Madden Voting Rights Forum Participant Username: Willjam
Post Number: 1 Registered: 03-2005
Best of Black Box?  Votes: 1 (A keeper?) | | Posted on Friday, November 18, 2005 - 1:12 pm: |
|
On Monday, November 21st, California’s Voting System Panel (VSP) was slated to hold public hearings on whether to recertify Diebold TSX touchscreen machines. The California Election Protection Network (CEPN) issued a press release inviting concerned citizens to speak at the 10 a.m. hearing and attend a rally at Secretary of State Bruce McPherson’s office to encourage state officials to “send Diebold packing before Turkey Day.”

But when CEPN spokesperson Sherry Healy called to verify the hearing date and time, she received startling news. “I asked Bruce McDannold in the Secretary of State’s office if the hearing is still on for Monday,” she told Raw Story. “He said, 'You’re half right. The VSP has been disbanded.' I asked why. He said, 'I can’t speak for the Secretary of State.’” According to Healy, McDannold stated that a stenographer and recording device would be on hand to record any public comment.

This article can be found at Raw Story: http://rawstory.com/news/2005/Will_California_send_Diebold_packing_before_1118.html

This is scary, when constituents are limited to speaking into a recorder.

Another site of interest concerning this issue: http://www.califelectprotect.net/home.html

Will |
   
Catherine Ansbro Frequent Voting Rights Forum Participant Username: Catherine_a
Post Number: 1190 Registered: 12-2004
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Friday, November 18, 2005 - 1:42 pm: |
|
Wow. Thanks Will for posting this info and the links. |
   
melodee hallett Voting Rights Forum Participant Username: Insmort
Post Number: 2 Registered: 11-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, November 20, 2005 - 8:30 pm: |
|
I am sorry, I have a really hard time following all the problems with the voting companies and computer software. We had a recount ordered by our state official in our county this week. We have Eagle optical scanners and ES&S software and/or firmware. This doesn't seem to meet what you are alluding to in the latest post on the absentee ballots. I have talked to one of our mailmen who has stated that this election and the last, ballots were still being delivered the day of the election. I received mine weeks in advance in both elections.

M. Hallett Chaffee County, CO. |
   
Edward Robles Voting Rights Forum Participant Username: Tedeger
Post Number: 4 Registered: 11-2005
Best of Black Box? N/A Votes: 0 (A keeper?) | | Posted on Sunday, November 27, 2005 - 9:12 am: |
|
ES&S is a clone of Diebold's. Wasn't it ES&S machines that delivered 97,000 votes in a precinct where 1500 were registered? |