Forum Navigation
Topics
Log In
Log Out
:
Forum Search
New Today
New This Week
Advanced Search
Tree View
Forum Account
Edit Profile
Register
Forgot Password
Forum Tools
Help/Instructions
Policies
CLICK STATE TO SEE:
"WATCH LIST"
Marked with: 
"OPEN & HONEST"
Marked with: 
...
|
| 5-4-06: Touch-screens fail security t... |
|
| Author |
Message |
    
Bev Harris
Board Administrator
Username: Admin
Post Number: 4486
Registered: 12-2004
Best of Black Box? 
Votes: 12 (A keeper?) | | Posted on Friday, May 5, 2006 - 8:10 pm: | 
|
This week, the state of Pennsylvania sequestered all Diebold touch-screens to implement an emergency security measure. Several more states are expected to follow Pennsylvania.
The state of Utah has known that a critical security risk exists in its Diebold TSx touch-screens, but chose to punish the courageous public official responsible for identifying the defect instead of taking any efforts to learn what the problem is and correct it.
Below is a link to the security alert faxed to the Utah Lt. Governor, state elections director, Emery County attorney and Emery County commissioners on March 24.
Shoot the messenger
Utah officials ignored the warning entirely, and instead flew Diebold attorneys to Emery County on the governor's airplane, where the Diebold lawyers were allowed to sit into a private executive session. In this session, a decision appears to have been made to block Emery County Elections director Bruce Funk from executing his duties.
In Utah, the law requires that any employment decision be publicly noticed (it was not) and the county attorney is the designated counsel for county elections officials (County Attorney David Blackwell chose to side with Diebold against Bruce Funk). According to a tape recording of the public portion of the meeting, Bruce Funk repeatedly requested an attorney, but this was denied to him.
Funk was an eye witness to the security testing by Harri Hursti and Security Innovation, Inc. He knew first-hand that the machines represented a significant security risk. County commissioners told him he was going to be required to use the machines anyway, Diebold refused to provide a letter in writing indicating that machines it sold weren't used or loaded with inappropriate software; Diebold then told Emery County that it was going to cost $40,000 to check over the machines (the Diebold contract limits them to charging just over $1200 per day, Emery County has just 40 machines, and re-flashing all machines with a new system takes no more than 10 minutes per machine). Funk was told that he would not be permitted to watch Diebold technicians work on the machines, and they had already "visited" his machines while he was out of town for a day.
Legal issues
Because Funk was denied a lawyer, he didn't know that a little-known 1929 law in Utah was sometimes used by public officials to browbeat each other out of office. If certain public officials gang up and intimidate another public official, threatening punitive measures and dire consequences, urging resignation, if the targeted official tenders even a tentative and conditional resignation, under some interpretations that is held to stick. Diebold and the county succeeded in browbeating Funk into temporary submission; he quickly notified them in writing that he had no intention of resigning, so they locked him out of his office.
Black Box Voting has assisted Funk in securing qualified legal counsel and is underwriting the public policy legal actions to defend Funk against Diebold's actions -- ironically, with Diebold's own money, won in a Diebold false claims suit in California. A $76,000 fee was paid to Black Box Voting founder Bev Harris, and was subsequently contributed as a restricted donation for public interest litigation. The Diebold money is now helping support the fight by whistleblower Stephen Heller, who is facing retaliatory action by Diebold's attorneys. Diebold false claim funds are also underwriting legal actions to help Bruce Funk fight Diebold's retaliation.
In Funk's case, the lack of public notice and failure to put his employment matter on the agenda likely outweighs the 1929 law, as does the county's refusal to provide him with counsel, failure to allow him to sit in on the private meeting with Diebold lawyers concerning his employment, and insistence that he take responsibility for elections held on machines he knew to be insecure.
To date, Emery County has refused to provide Funk with either a transcript or a tape or their behind-closed-doors meeting with Diebold attorneys.
Diebold's behavior is even more problematic
Experts for the state of California and the state of Pennsylvanie have now confirmed the seriousness of the vulnerabilities discovered in Emery County. Diebold was cornered by Pennsylvania voting system examiner Michael Shamos, and was given the choice of telling the truth or lying. Shamos had already sequestered one of the machines and was prepared to examine it himself it Diebold lied. Only after this did Diebold admit to knowing about the security vulnerability, which is designed into the system.
Black Box Voting is completing reports with Harri Hursti and subsequently with Security Innovation (which will serve as peer review for Hursti Report II). The Hursti Report on findings from Emery County will detail multiple back doors built into the system. This report will be released to the public in redacted form on May 10. The unredacted version will be provided to federal and state regulators, including the Dept. of Homeland Security's "CERT" alert system.
Letter to Utah officials
Here is a quote from the preliminary information which Utah officials chose to ignore (except for locking Mr. Funk out of his office):
quote:To: Gary Herbert, Lt. Governor of the state of Utah
Cc: David Blackwell, Emery County Attorney
Bruce Funk, Emery County Elections
Emery County Commissioners
Michael Cragun, Utah State Elections Director
Mar. 24, 2006
Dear Sirs,
This is a formal notification that a security defect was found in the Diebold TSx system in Emery County, Utah by professional security experts from Security Innovation, Inc. and Mr. Harri Hursti. Because of the severity of the defects, the formal reports are being prepared with sufficient precision to garner the attention of the appropriate authorities with jurisdiction over this matter. These authorities, of course, include each of you who are receiving this notice, in addition to federal authorities in the general area of computer security.
...
The security problems found in Emery County present potentially catastrophic security defects for upcoming elections. The issue extends outside of Emery County to additional states. The identified security vulnerability appears to be:
1) Persistent, with the ability to survive through multiple elections;
2) Difficult to detect, not only for elections official but also for security experts and even for Diebold technicians;
3) Flexible, in that the exploit can selectively affect any particular election, candidate or ballot question;
4) Accessible, in that no password, supervisor access or special equipment is needed to invoke the exploit;
5) Difficult to eradicate with any patch, reinstallation, or cleaning procedure;
6) Likely to be exploited, because the skills needed to exploit the hole are possessed by many programmers and the information needed to conduct the exploit is generally available to the public. The time needed to exploit the security hole is in the range of a week’s planning time and 60 seconds for execution.
A pattern of security failures
The testing in Emery County follows another set of tests by Black Box Voting in Leon County, Florida, which documented security flaws in the GEMS central tabulator and the Diebold AccuVote optical scan system.
A pattern of retaliation by Diebold
Like Bruce Funk, Leon County Supervisor of Elections Ion Sancho faced retaliation by Diebold and other voting companies. Diebold refused to honor its contract with Sancho, forcing him out of HAVA compliance. The only other authorized vendors then blackballed Sancho, refusing to sell to him.
The Florida Attorney General is now investigating Diebold, ES&S and Sequoia for collusion and antitrust violations.
Diebold has also been participating in orchestrated smear campaigns against Black Box Voting and its founder, Bev Harris, using fake Internet "screen names," identity theft (posing as board members of Black Box Voting to post defamation), organizing fake news Web sites smearing election integrity advocates in general and Black Box Voting/Bev Harris specifically. Some Diebold employees tag-team with the Diebold smear squad to point elections officials toward the cyberlibel. The Diebold Internet smear squad also includes an individual from North Carolina.
Black Box Voting, together with a team of volunteer researchers, has now obtained documents and photographs which directly tie these Internet libel campaigns to Diebold. A more detailed article on the Diebold Internet smearing, accompanied by documents and photographs, will be published here after the dust has settled on the Diebold touch-screen security failures.
PERMISSION TO REPRINT GRANTED, WITH LINK TO http://www.blackboxvoting.org |
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 306
Registered: 12-2004
Best of Black Box?
Votes: 3 (A keeper?) | | Posted on Friday, May 5, 2006 - 10:46 pm: |
|
To the good folks at DU, Daily Kos, and other sites,
My name is John Dean, from Santa Ana, California. I am not affiliated with this site in any official capacity - I am merely a volunteer, like many other good people here, in search of the truth.
For the past few weeks, many of us have been working behind the scenes to figure out the complex internet libel campaign that has been going on for a very long time about Bev Harris.
In the coming days, a lot of evidence will be revealed that will both surprise and shock a lot of you. This evidence is solid, it's all captured, and it will prove our case.
A few screennames, some well-known, some lesser-known, will do their best to deceive you. Please do not be fooled...use your own eyes and your own head. The machines are going down, and those tied to their makers who have been deceiving you for a very long time, are going down as well.
Sincerely,
John
sluggojd@sbcglobal.net |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2315
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 6, 2006 - 4:52 am: |
|
Way to go, John. You've had to put up with your share of grief, as well.
The organized ganging up against Bev Harris and BBV was really obvious to me, but some people who don't realize this kind of thing goes on obviously got sucked in and deceived. It's that old Psy-Ops strategy--repeat something often enough and eventually people will believe it.
It's time for the record to be put straight at last. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4498
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Saturday, May 6, 2006 - 6:31 am: |
|
"Repeat a lie often enough and people will believe it."
Diebold. "Hursti was given the passwords and total access to the computer system."
Diebold repeated that over and over and over, in public meetings, in letters, to the press. Even after the California Report clearly stated that no passwords were needed and the only access was through a memory card, Diebold STILL repeats the lie over and over and over.
A surprising number of elections officials now believe the lie, just because Diebold was bold enough to keep telling it.
John Dean, even I didn't listen to you at first. Mistakenly, I thought taking on the smears head-on was going to be perceived as trivial, and besides, our organization couldn't take the time away from the real work to do that.
You persevered and when we set up the small research area and seeded it with citizens who have excellent analytical and research skills, it took just days to get the formal documentation tracing back to Diebold. Amazing.
And thanks.
 |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 74
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 6, 2006 - 12:27 pm: |
|
Hi guys, it would seem important to notify jurisdictions that might use this equipment that will have primaries between now and 10 May (or within a few weeks of that day) of these vulnerabilities and the proper defensive mechanisms that they could take to defend their systems.
Have you thought about giving a limited set of the information to CERT now instead of waiting to 10 May? That is, enough information so that they could post an alert communication that would vaguely describe the problem but go into detail about defensive measures? I guess I'm worried about the timescales here... I understand that you want the report to come out bullet-proof, but it seems that there is a tension between the time-sensitivity of primary elections being run on vulnerable equipment and this goal. best, Joe |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4502
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 6, 2006 - 1:01 pm: |
|
Joe --
Only West Virginia and Nebraska have elections on May 9. We cannot find that they have Diebold equipment. Do you know otherwise?
Also, it is not possible for either state or local officials to mitigate the risk without fairly extreme measures. The specific issue has been circulated privately by those with a high level of "clearance" but unfortunately, the tools to correct the problem remain an obstacle to its correction.
Even vaguely describing the problem imperils the election. |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 76
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 6, 2006 - 1:22 pm: |
|
Ah, great points... I did some lexis searching and found that ES&S won the bid for the statewide procurement in West Virginia[1] and I can't find much for Nebraska but would assume that it would use ES&S.
I have heard some description of the vulnerability and had thought that the actions recommended by the PA SoS could go a long way towards mitigation. It sounds like it's more complicated than I had thought. I'll wait to see the 10 May report. best, Joe
[1] Lawrence Messina, "Omaha's ES&S selected as voting machine vendor", The Associated Press State & Local Wire, September 15, 2005. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 184
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 6, 2006 - 7:41 pm: |
|
Joe & Bev,
Nebraska is using ES&S opscans statewide augmented with AutoMark accessibility units. See:
http://www.electionline.org/Portals/1/Publications/2006.annual.report.Final.pdf
Page 60 is Nebraska - sorry, it's a long report, but a valuable one-stop shopping resource for "What are they using in..." questions.
Kurt |
Jim March
Moderator
Username: Jimmarch
Post Number: 161
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 6, 2006 - 10:58 pm: |
|
Where this is going to get very interesting is in Emery County itself, and for that matter at the Utah Lt. Governor's office.
They basically gambled that their actions against Bruce Funk wouldn't bite them. More specifically, they placed a bet that Diebold was going to win and not have any serious problems exposed.
Well that was a sucker bet if ever there was one.
Hmmm.
But...were they really betting that the media and public wouldn't care? That any evidence of Diebold's misconduct wouldn't make the national news?
That, unfortunately, would be a better bet. Ultimately everything we do has to center around fighting to make sure that bet fails.
But there's another front on all this: as the body of evidence of bad voting machines grows, we can also take that to court. Which is one reason getting Bruce Funk legal representation is a good idea on top of being the right thing to do: proving in court that Bruce Funk's actions were proper and exposed unsafe-at-any-speed voting machines gives us hard evidence to refer to in everything else.
As do legislative hearings. As could any state attorney general's full investigation in hte right Diebold-customer state.
We've got to push all these fronts. That gets us the media. And that gets us the public, which so far has no idea what's going on.
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 278
Registered: 08-2005
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Sunday, May 7, 2006 - 7:09 am: |
|
Jim's right.
We also need to focus on the the fact that an elected official was locked out of his office without benefit of counsel and due process. We need to question how is it possible for an elected official to be so easily and quickly pushed out of office, as Bruce Funk was? Do those who elected Mr. Funk have no say in the matter?
Diebold was given great leeway and leverage in their role in this matter by both the Governor's office and the Emery County Commssioners in influencing how they handled the situation with Mr. Funk. First, the Governor sent his plane to fly Diebold attorneys and representatives to Utah to meet with the County Commissioners of Emery County. The County Commissioners and the County Attorney then met behind closed doors with the Diebold attorneys/representatives, as well as representatives from the Lieutant Governor's office to discuss the situation, while Mr. Funk sat outside. To date, Mr. Funk has not been given a copy of the tape recording of that meeting. Why not? He has a right to those tapes because he was and legally still is the duly elected County Clerk/Auditor of Emery County. The seriousness lies in how vendors are allowed to step over the line and are literally given unprecedented influence over election officials. It also explains why the majority of election officials are hesitant to step forward and act in the best interests of their constituents, as Mr. Funk and Ion Sancho of Leon County, Florida have done. They will be severely punished by the vendors if they do and will maybe even lose their jobs.
Fortunately, the State Attorney General of Florida has taken steps in confronting these vendors by his having subpoened all of the certified vendors of Florida -- Diebold, ES&S and Sequoia -- for questioning. The reason for the subpoenas was because these vendors refused to sell their machines to Mr. Sancho. Many would call what these vendors did "extortion", but we'll have to wait and see what determination the Florida AG makes in his investigation of these vendors' actions. But it's a start in the right direction in dealing with these vendors.
Needless to say, it doesn't take a rocket scientist to understand what's wrong with this picture. This isn't about protecting trade secrets. Vendors simply don't want election officials and citizens to look inside the black box because of what we'll find. "Houston, we've got a problem!"
(Message edited by admin_ii on May 07, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Erich Specht
Voting Rights Forum Participant
Username: Frogmarchbush
Post Number: 2
Registered: 03-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 7, 2006 - 3:45 pm: |
|
The link to the word document is bad. It's linking to a document called An_Open_Letter_To_The_Administrators_Of_The_Emery_County_Government-27635.unk instead of the word document. |
Pat Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 298
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 7, 2006 - 3:51 pm: |
|
Erich, just download it as is and rename the file extension to ".doc" instead of ".unk" and it will open in MS Word.
Pat A. Vesely ;-) |
Jim March
Moderator
Username: Jimmarch
Post Number: 164
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 7, 2006 - 9:08 pm: |
|
Yeah, we're going to fix that ".unk" thing once and for all. It's a forum configuration issue. Meanwhile the file is complete and works.
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Scott S. Cooper
Voting Rights Forum Participant
Username: Sscoop
Post Number: 2
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 8, 2006 - 1:39 am: |
|
Bev,
Thank you for the relevant info on all the outlandish behavior by Diebold's attorneys, stinks of collusion. Following the money seems to lead to all the same players. We need to be diligent, resolute and resourceful to take back the machinery of our elections. Ultimate goal, Public funding of all elections. Will it be a struggle? Damn right. Is it worth it? Absolutely! The most important battle of our lifetimes. Thank all of you in the Forums! |
Adele Eisner
Voting Rights Forum Participant
Username: Eisnera
Post Number: 5
Registered: 01-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, May 9, 2006 - 2:00 pm: |
|
TALK ABOUT COLLUSION AMONG VENDORS!
You know the 17000 Optical Scan absentee ballots that the Cuyahoga County BOE had to count by hand all last week? Because they went outside of the vendor monopoly and took a $90,000 bid from a local tested printer, instead of like everyone else, going to ES&S owned Dayton Legal Blank, for their $137,000 bid?
The Diebold scanners that needed a printer to print within a TWO HAIR WIDTH TOLERANCE! - and which according to Dayton Legal Blank, only DLB can do - those Diebold scanners cost $9,409.31 - EACH!
Today the Comptroller at CCBOE confirmed the fact that the twenty Diebold scanners that were reading erratically at the BOE were the $9,409.31 each "high speed" Diebold-approved-by-Blackwell variety, which by the way also could only read 300 ballots per hour, when it can read!
Friends - for $9,409. for each scanner,in today's tech environment - I think each one should have been able to read a ballot if it were a whole friggin' earlobe off, and it should be runnin' to do it!
But it seems that vendors have a penchant for keepin hogloads of ongoing revenues amongst themselves - you know the Urosevich's, the Shoups, et al....
I still say - and lord knows I'm no fan of the incompetence, arrogance and closure at the CCBOE - that in this case, the CCBOE did the right thing by trying to go outside this vendor monopoly - after giving Diebold $135 per memory card with over 6,000 memory cards purchased, and 3.50 per voter access card - with thousands of these purchased - all with Diebold being "sole source" for compatibility for oh so many things....
At least here the CCBOE tried, going locally from a tested printer at lower cost,though alas, possibly not thinking it through with enough action,they failed. I truly am glad they tried.
For this piece of the 5/2 chaos, Diebold/DLB here we come.... |
suhkara a yahweh`
Voting Rights Forum Participant
Username: Suhkara_a_yahweh
Post Number: 4
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, May 9, 2006 - 9:15 pm: |
|
The TS Diebold were used in the May2,06 primary and the TSX will be used in the Aug.3,06 election.This election is a historical one, this is the largest ballot in the history of Shelby,County Tenn.Our course of action is as following.1.The election Commissioner operation mgr.has received a copy of the 4-3-06 alert and the election adminstrator a request for the serial numbers and other information concering the Diebold machine.We will make a new request that will include a list of stockholders. 2.We have contacted the Chairperson of the City Council,a State Rep. Election Sub-Committee member and other State Officials.3.Contacted the local union AFSCME 1733 to seek their support. We are working to build a coalition to launch a Operation Election Integrity Movement.4.We hope to file a Federal Injuction to prevent theAug. 3,06 Election based on the violation of the civil and constitional right to vote in a fair,accurate,secure and Democratic election and that the vote will be counted.If there is a legal suit we would like to supeona Ms. Bev.Harris and other experts to come and testify. Give us information we will need when we reach that point based on pass suits. |
|
|
Diebold TSx warning
