Navigation
Topics
Log In
Log Out
:
Special Search
New Today
New This Week
Advanced Search
Tree View
Your Account
Edit Profile
Register
Forgot Password
Tools
Help/Instructions
Policies
CLICK STATE TO SEE:
"WATCH LIST"
Marked with: 
"OPEN & HONEST"
Marked with: 
...
|
| 5-11-06: Three-level security flaws f... |
|
| Author |
Message |
    
Bev Harris
Board Administrator
Username: Admin
Post Number: 4556
Registered: 12-2004
Best of Black Box? 
Votes: 33 (A keeper?) | | Posted on Thursday, May 11, 2006 - 12:34 pm: | 
|
Due to the nature of this report it is distributed in two different versions. Details of the attack are only in the restricted distribution version considered to be confidential. Fewer than 50 words have been redacted in the version below.
Overview
Click "more" for link to full report
Note: Please refrain from speculation or public discussion of inappropriate technical details.
This document describes several security issues with the Diebold electronic voting terminals TSx and TS6. These touch-pad terminals are widely used in US and Canadian elections and are among the most widely used touch pad voting systems in North America. Several vulnerabilities are described in this report.
One of them, however, seems to enable a malicious person to compromise the equipment even years before actually using the exploit, possibly leaving the voting terminal incurably compromised.
These architectural defects are not in the election-processing system itself. However, they compromise the underlying platform and therefore cast a serious question over the integrity of the vote. These exploits can be used to affect the trustworthiness of the system or to selectively disenfranchise groups of voters through denial of service.
http://www.blackboxvoting.org/BBVtsxstudy.pdf (327 KB)
Critical Security Alert: Diebold TSx and TS6 voting systems
by Harri Hursti, for Black Box Voting, Inc.
Three-layer architecture, 3 security problems
Each can stand alone or combine for 3-layer offense in depth
As an oversimplification, the systems in question have three major software layers: boot loader, operating system and application program. As appropriate for current designs, the first two layers should contain all hardware specific implementations and modifications, while the application layer should access the hardware – the touch pad, memory card, the network etc. – only via services and functions provided by the operating system and therefore be independent of the hardware design. Whether the architecture in question follows these basic guidelines is unknown.
Based on publicly available documentation, source code excerpts and testing performed with the system, there seem to be several backdoors to the system which are unacceptable from a security point of view. These backdoors exist in each of these three layers and they allow the system to be modified in extremely flexible ways without even basic levels of security involved.
In the worst case scenario, the architectural weaknesses incorporated in these voting terminals allow a sophisticated attacker to develop an "offense in depth" approach in which each compromised layer will also become the guardian against clean-up efforts in the other layers. This kind of deep attack is extremely persistent and it is noteworthy that the layers can conceal the contamination very effectively should the attacker wish that. A quite natural strategy in these types of situations is to penetrate, modify and make everything look normal.
Well documented viral attacks exist in similar systems deploying interception and falsification of hash-code calculations used to verify integrity in the higher application levels to avoid detection. The three-level attack is the worst possible attack. However, each layer can also be used to deploy a stand-alone attack. The TSx systems examined appear to offer opportunities for the three-level attack as well as the stand-alone attacks.
It is important to understand that these attacks are permanent in nature, surviving through the election cycles. Therefore, the contamination can happen at any point of the device's life cycle and remain active and undetected from the point of contamination on through multiple election cycles and even software upgrade cycles.
Here is a rough analogy:
- The application can be imagined as written instructions on a paper. If it is possible to replace these instructions, as it indeed seems, then the attacker can do whatever he wishes as long as the instructions are used.
- The operating system is the man reading the instructions. If he can be brainwashed according to the wishes of the attacker, then even correct instructions on the paper solve nothing. The man can decide to selectively do something different than the instructions. New paper instructions come and go, and the attacker can decide which instructions to follow because the operating system itself is under his control.
- The boot loader is the supreme entity that creates the man, the world and everything in it. In addition to creating, the boot loader also defines what is allowed in the world and delegates part of that responsibility to the operating system. If the attacker can replace the boot loader, trying to change the paper instructions or the man reading them does not work. The supreme entity will always have the power to replace the man with his own favorite, or perhaps he just modifies the man’s eyes and ears: Every time the man sees yellow, the supreme being makes him think he is seeing brown. The supreme entity can give the man two heads and a secret magic word to trigger switching the heads.
In the world of the Diebold touch-screen voting terminals, all of these attacks look possible.
The instructions (applications and files) can be changed. The man reading the files (Windows CE Operating System and the libraries) can be changed. Or the supreme entity (boot loader) can be changed, giving total control over the operating system and the files even if they are "clean software."
Specific conceptual information is contained in the report, with details and filenames in the high-security version which is being delivered under cryptographic and/or personal signature controls to the EAC, Diebold CEO Tom Swidarski and CERT.
1) Boot loader reflashing
2) Operating system reflashing
3) Selective file replacement
In addition, the casing of the TSx machines lack basic seals and security, and within the casing additional exploitations are found.
Conclusions and Recommendations
Because there is no way of having chain of custody or audit trail for machines, the machines need to be reflashed with a known good version (assessing the risks potentially inherited). Ideally this should be done by the proper governmental authorities rather than being outsourced.
After that, extensive chain of custody management has to be established to make sure that machines do not potentially get recontaminated. Less than five minutes is required for contamination.
The bootloader needs to be re-engineered.
The cases need to be properly and permanently sealed.
Further study is warranted around these issues and others in the May 15, 2006 Supplemental Report for the Emery County TSx study.
While these flaws in design are not in the vote-processing system itself, they potentially seriously compromise election security. It would be helpful to learn how existing oversight processes have failed to identify this threat.
A secondary report will be released on May 15, 2006. This report contains approximately 12 other areas of secondary concern to the problems described in this initial report.
PERMISSION TO REPRINT GRANTED, WITH LINK TO http://www.blackboxvoting.org
Black Box Voting is a nonpartisan, nonprofit 501c(3) organization focusing on investigations related to ensure accurate and fair elections. This organization is supported entirely by citizen donations.
To support this work:
http://www.blackboxvoting.org/donate.html
Mailing Address:
Black Box Voting, Inc.
330 SW 43rd St Suite K
PMB 547
Renton WA 98055 |
Jody Holder
Voting Rights Forum Participant
Username: Holder
Post Number: 16
Registered: 11-2005
Best of Black Box? 
Votes: 5 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:18 pm: |
|
Bev:
I am unsure what you mean by "public discussion of inappropriate technical details". Do you mean among voting activists or at public presentations?
What this means is that another election should not be conducted on a Diebold voting system until all the required fixes have been accomplished. Yet elections are going on all over the country currently, and there is no time to do the fixes prior to many of those elections.
It also means that an attack could have already occurred several years ago and no one would know.
My great thanks to Black Box Voting, and those patriots who have stepped forward in defense of their country. Also to a patriot of the world, Harri Hursti. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4558
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:41 pm: |
|
CORRECT: What this means is that another election should not be conducted on a Diebold voting system until all the required fixes have been accomplished. Yet elections are going on all over the country currently, and there is no time to do the fixes prior to many of those elections.
CORRECT: It also means that an attack could have already occurred several years ago and no one would know.
And by inappropriate public speculation, we mean do not speculate about the specific filenames or tools regardless of whether you think they are already discussed or easy to find or simple to guess.
No file names should be named. Or other details. |
Pat Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 308
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:48 pm: |
|
Hi Jody, Some of us who are more familiar with the inner workings of the Diebold software and computer systems in general can reasonably deduce what the "redacted" portions may contain. I think Bev may have added that line to remind us NOT to speculate in public and make an already bad situation even worse since we know that some jurisdictions will still try to use these machines in upcoming elections.
It's bad enough that the 'pros' will be able to figure it out, no sense in giving every 'script kiddy' on the Internet more clues than we have to.
Pat A. Vesely ;-) |
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 219
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 1:57 pm: |
|
Does anyone have an unredacted copy of the SAIC security report done for Maryland? Was this problem found by SAIC? |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4561
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:02 pm: |
|
If it was found by SAIC it is not possible to fathom why entire states are taking delivery on machines with these vulnerabilities three years later. |
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 220
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:05 pm: |
|
The SAIC report that was released is redacted. The question is whether the SAIC report found this problem and whether Maryland and Diebold kept it quiet and just told SAIC that they had fixed the problem. There was no follow-up by SAIC, to my knowledge.
Let me be clear that I am not accusing anyone of covering-up a security problem like this one. I am only asking the question. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 237
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:06 pm: |
|
Pat,
"It's bad enough that the 'pros' will be able to figure it out, no sense in giving every 'script kiddy' on the Internet more clues than we have to. "
Pat, that is one of the most responsible and profound statements I think I've ever read, and why I never felt that "open source" was the solution to anything. Bravos, Pat, bravos.
Kurt Bellman |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 768
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:26 pm: |
|
What is most distrubing about this report summation is the following:"It is important to understand that these attacks are permanent in nature, surviving through the election cycles."
This means that if such has already occurred, the machines are fatally comprised and ,it would appear from the summation, all such machines would have to be examined and then redone.
It would be good to undersand whether this "The bootloader needs to be re-engineered." is referencing the ntldr module or referncing bios firmware. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4564
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:44 pm: |
|
This kind of speculation is requested not to happen here. |
Jean-Baptiste Biard
Voting Rights Forum Participant
Username: Jbbiard
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 2:54 pm: |
|
Kurt,
- First of all, my first post here, great to be allowed to do that, thanks BBV.
- Second, about your "open source is not a solution" remark: the same rule used here ("do not expose a vulnerability while no fix is available") is routinely used in the open source community. Open Source does not changes much there, except that fair scutiny is much easier and fixes often more quickly provided...
- Third, about the bottom of the matter: would not it be sadly "nice" to find modified machines. Any machine that is "flashed" will erase potential tampering proofs. That is fine for the coming votes, but this amounts to destroying proofs. How are you coping with that? |
Jesse Weinstein
Voting Rights Forum Participant
Username: Jessew
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:06 pm: |
|
I (using pdftohtml-0.38 ) have made an HTML version of the report. If it would be acceptable to the authors of the report, I'd be delighted to upload it here, or on my personal webspace if that would be preferred. (although I'd prefer if it was here, for bandwidth cost reasons ;-) ) |
Marian Beddill
Voting Rights Forum Participant
Username: Uu7thprinciple
Post Number: 28
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:15 pm: |
|
Jesse;
Send it to me and I'll post it on my webspace:
http://noleakybuckets.org/
Marian
<beddill@nas.com> |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4566
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:21 pm: |
|
Thanks, Marian. All we require is a live link to http://www.blackboxvoting.org on its front page. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 238
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:23 pm: |
|
Jean-Baptiste,
Welcome. Glad to have you here.
"Open source" means many people have ability to do mischief. Propreitary means few do, but fewer still have the ability to detect mischief. Tough call.
As a slightly sardonic aside, "open source" also typically connotes "I don't like Microsoft much." In that, we agree, but not because I'm an open sourcer. Actually, I'm a Macintosh man at heart.
About the "bottom of the matter":
What you have stated is a fairly perfect conumdrum. What to do? Do we attempt to prevent future harm by erasing potential evidence of past wrongdoing?
The answer to that depends on what brings one to the table. If one is motivated by retribution and "being right", the choice is far more difficult. If "letting it go" is impossible, then that choice is torture. If, on the other hand, you are motivated by fear for the future, and you don't believe you've seen enough to make you distrust what has come before, the choice is easy. You must flash, just to be extra sure, if only to reassure the electorate that voting can still matter. |
Marian Beddill
Voting Rights Forum Participant
Username: Uu7thprinciple
Post Number: 29
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:39 pm: |
|
Bev;
I have created a prominent link on my front page at http://noleakybuckets.org/ , with direct links back to BBV, and a copy of your PDF.
(Nothing like having a backup.)
Marian |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 82
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 4:53 pm: |
|
The debate over source code is much more complicated. I have a paper on access to source code and open source in e-voting in this summer's USENIX/ACCURATE workshop... I should be able to have a shareable version of that paper when finals and such are over here.
Note that there is evidence of this design flaw dating back to 2002 without having to see the 2/3 of the redacted part of the SAIC report. If I know you (John, Kurt and BBV crew, of course) and you have a GPG/PGP key, I can send you what I've got. You know my email. best, Joe |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2368
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 5:03 pm: |
|
I really appreciate the clarity and simplicity in these explanations. That is not an easy thing to achieve.
Bravo and thanks to everyone involved in this project. |
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 363
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 6:30 pm: |
|
Yes, bravo and thanks to everyone involved! |
Samuel Scharff
Voting Rights Forum Participant
Username: Abacus
Post Number: 31
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 8:01 pm: |
|
If I may be forgiven for a bit of irreverence -- and , please, all hands have my great respect and thanks -- this reminds me of the old arguments about how many angels can dance on the head of a pin...
A small voice for hand counted paper ballots? [I know some of you arfe sympathetic...] |
sheila solomon
Voting Rights Forum Participant
Username: Sheilas
Post Number: 1
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 8:11 pm: |
|
Hi - I have read the redacted report. We are fighting the battle right now in Pima County Arizona. and have a board of supervisors who will make a decision in less than a week.
I have quite a bit of security experience but the challenge I have is translating this information into something I can concretely demonstrate to local politicians for maximum effect.
Is there any way we can provide more complete information under secrecy directly to their IT staff? |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 301
Registered: 08-2005
Best of Black Box? 
Votes: 1 (A keeper?) | | Posted on Thursday, May 11, 2006 - 9:12 pm: |
|
Samuel,
quote:this reminds me of the old arguments about how many angels can dance on the head of a pin
This report is not an argument, it's undeniable proof. The contents of this report makes change more possible than it's ever been before.
Citizens now have leverage they didn't have before too. We've proven that the certification process and the Diebold voting machines have failed miserably. No other report before this one has gotten the election industry to sit up and pay attention the way this one has. That's because it's the most devastating report of a voting system ever.
As a result, citizens are now in a position to call into question all the other voting systems and work toward having them independently tested in order to find out whether they too possess similar security flaws as the Diebold voting systems.
The next step is for those citizens, for example, who are advocates for hand counting our ballots to develop and present realisic, well-thought out arguments that address all the issues and concerns expressed by election officials and politicians, who are still resisting the change to hand counts (which is pretty much the majority). Fortunately, JoAnne Karasek and Sheila Parks, two members of BBV, along with many other dedicated citizens are working diligently to develop such a plan and to build a critical mass of support for hand counting paper ballots. I support their vision because their goal is to make certain citizens are dominant in every phase of the voting process and that the process has a transparency that allows average citizens to judge for themselves whether it's working or not.
What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process on our behalf ever again. So, at the end of the day, those citizens who make the best case in their plan for change, will have the better chance of garnering the necessary support for implementing it.
More importantly, I sincerely hope this report will be a motivating factor in getting citizens involved in the election process again. That it gets citizens believing that it is they who can make the difference in bringing about the change we've all been fighting for.
This is cause for celebration, IMO.
Kathleen
(Message edited by admin_ii on May 11, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Michael McKay
Voting Rights Forum Participant
Username: Seaan
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, May 11, 2006 - 11:25 pm: |
|
From the top post:
It would be helpful to learn how existing oversight processes have failed to identify this threat.
and from Kathleen Wynne:
What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process on our behalf ever again.
I have several thoughts on this topic. In no particular order:
* I've generally found that formal security reviews (my experience is with FIPS 140) don't find many design bugs. The main point of the review is to establish that your product does what your documentation says it does. If your design has subtle logical flaws, they probably won't find it.
* There are exceptions - usually in areas where the nature of attacks are well understood. For example the security labs that I've worked with for FIPS 140 accreditation are very good with testing and evaluating physical security claims (tamper detection, etc.).
* I don't know which labs are performing the eVoting evaluations, but from my experience with the financial industry I'm not too worried about the industry funded aspect of the evaluation labs. Granted the financial industry has much more of a track record, but at least it shows an example of how impartial reviews can be done. The labs I've worked with are willing to help the testee get the product passed, but this is by making the product better.
* The certification labs depend a lot upon standards, and this is an area where I can see a practical method of improving. By having better standards, we can significantly improve the eVoting evaluations. While standards won’t prevent all design flaws, they can rule out various unsafe practices and mandate other good practices; which collectively can greatly increase the level of security.
* The standards are the real place where knowledgeable experts, representing the voters, can make a difference. This won’t be easy, for example standards almost always take a long time, so changes won’t happen swiftly. The system is also rigged (perhaps on purpose) against non-sponsored participants. For example, in the ANSI X9 financial standards (x9.org) you don't get to vote unless you pay the higher membership rates. Combined with travel requirements, and the amount of work it takes to keep up with the standards, this is just not the type of thing a typical individual can afford to do on their own.
* I think the mid-term solution (over the next 4-5 years) is to have NGO sponsored experts participate in the eVoting standards, where the NGO serves as a proxy to represent the interests of the voters. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 239
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 4:27 am: |
|
I have a question. What is the central "crux" of this Diebold problem, the main element?
Is it that the machines will boot from a memory card and potentially then rewrite all three layers? Is that the central problem?
And if it is, isn't it fairly likely that all of the new generation of DRE's have used the same technique? Once you read the report, it doesn't really look like something that would be especially unique, or am I missing something?
Kurt |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2372
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 4:38 am: |
|
It may not be unique at all. But so far BBV hasn't been able to arrange for similar tests of equipment made by other vendors. (And/or the computer scientists who have seen some of the others are gagged because they signed restrictive Non Disclosure Agreements.) |
John Burik
Voting Rights Forum Participant
Username: Jburik
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 6:46 am: |
|
Kathleen wrote above:What this report shows us is that we can no longer outsource our elections to vendors and experts to oversee the process . . ..
My continued hope is for growing interest among average citizens and the corporate media. I pointed out to a number of reporters in Ohio that the Secretary of State's own consultants' report indicated that memory cards were not reviewed (Diebold report, 4/15/2005, http://www.sos.state.oh.us/sos/HAVA/hava.aspx?section=4). They said, "Thanks," and did not follow up.
Perhaps with Hursti II and national attention we are beginning to really get somewhere useful. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4569
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 7:24 am: |
|
for Joe Hall: I saw the excellent piece you wrote on your blog, but it appears to contain information that is not quite accurate regarding the recovery method.
Is it not true that you cannot clean a contaminated boot loader with itself?
It appeared to me that your blog was saying you could. |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 83
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 12:27 pm: |
|
You're right Bev... that is an issue with my post... I'll clarify that right now. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4570
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Friday, May 12, 2006 - 7:27 am: |
|
Kurt: To the best of our knowledge, Diebold has the only DRE using Windows CE as the platform. You are correct that the problem could exist elsewhere, and that should ABSOLUTELY be studied.
We very nearly got access to an iVotronic last month, but at the last minute the elections official was blocked by another public official.
However -- building a DRE on Windows CE is especially dangerous because the sheer number of people who understand how to exploit Windows is huge.
The boot loader is the biggest problem of all. |
Yuri Bertsch
Voting Rights Forum Participant
Username: Yuri
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 7:41 am: |
|
Pat, that is one of the most responsible and profound statements I think I've ever read, and why I never felt that "open source" was the solution to anything. Bravos, Pat, bravos.
I have to completely disagree on your position about keeping the flaw details confidential. This is information that has to be widely distributed so that people are aware how insecure these systems are. Most script kiddies aren’t going to have access to the physical machines and I can’t see many of them resisting the temptation to make their hack obvious.
The people who do have physical access or even systematic physical access will know exactly what you are redacting anyway.
Seeing that King George III (or even Bevus & Butthead) win an election in someplace would be wonderful.
Additionally, without the particulars, Diebold will be able to more effectively downplay or dismiss the problems.
Given the scope of the problem, I can’t see there being a real chance of making these systems secure short of total replacement. There is nothing on the machine that is secure—from the case, to the motherboard, to the OS to the software. |
Patrick J. Kobly
Voting Rights Forum Participant
Username: Pkobly
Post Number: 11
Registered: 12-2004
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Friday, May 12, 2006 - 8:44 am: |
|
RE: Open Source vulnerabilities and the decision to use Windows CE
Kurt:
'"Open source" means many people have ability to do mischief. Propreitary means few do, but fewer still have the ability to detect mischief. Tough call.'
This statement relies on two major assumptions:
1) Attackers typically use source code to craft their attacks
2) Attackers do not have access to the source code of these machines
We do not know whether assumption 2 is valid in this instance. In this particular context, we must adopt a security posture that defends against inside attacks. Any security decisions to be made wrt these machines must assume that the attacker we are protecting against has access to the machine, its source code and documentation. We must be even more concerned about the potential influence of the insider, as insiders have greater opportunity for attack, having access to machines for extended periods of time (for exploration and exploitation of vulnerabilities) often in a private setting where the risk of discovery is minimal.
We know empirically that assumption 1 is not generally valid. In particular, attacks are continually and routinely generated against closed-source software. Attackers seem to have found it far more efficient to find vulnerabilities through black box testing methods than code examination. This squares nicely with the tomes of research that observe that code inspection (including automated) is relatively ineffective for discovering faults that are not known a priori to exist. Techniques used by attackers to discover flaws are asymmetric with techniques used by white hats to detect and mitigate or repair flaws.
Open Source does not magically have less defects. By your argument, one would expect the pattern of vulnerability discovery in OSS software to be different than that of closed source software, as you posit that different methods are used to discover vulnerabilities (source code examination for OSS, black box for closed source). Empirically, we see this is not the case. The conclusion we must draw from this is that attackers are using the same techniques to discover flaws in OSS as in closed source - namely black box testing, fuzzing, etc. This is an effective technique for discovering vulnerabilities to exploit, but a less effective technique for discovering vulnerabilities to mitigate / repair.
Open Source helps us in a few instances here:
- When a vulnerability is found, it can be unambiguously proven to exist, and can be shown to continue to affect other versions (regardless of whether unrelated changes have obscured the behaviour).
- When a defective behaviour is found, it can be replicated, localized and fixed quicker and easier, as there may be an order of magnitude more people addressing issues.
- It allows a larger number of white hats to have the same advantages of access to source code, as we have already accepted that some number of black hats do.
- I would posit that there are more potential white hats than black hats who would be benefitted by the exposure of the code. This is because any attack by a non-insider on this system has an extremely high risk of detection (as they only have access for exploitation in a public setting). This has a significant deterrent effect on non-insiders that does not exist for insiders.
Bev: "However -- building a DRE on Windows CE is especially dangerous because the sheer number of people who understand how to exploit Windows is huge."
This should really be phrased as "building a DRE on Windows CE is especially dangerous because" it exhibits a large number of known (but unfixed) vulnerabilities. I would suggest that building a DRE on an OS proprietary to the vendor and not known in the community is just as (if not more) dangerous, as it has not been exposed to evolutionary improvement by being fixed after being subjected to scrutiny and attack in other applications. It would be far preferable for these systems to be built on a more general purpose OS (exposed to more attacks) where the OS vendor is actively responsive to security concerns. Windows CE appears to fail wrt the second point (responsive vendor), while systems built on vendor proprietary OS's fail wrt the first (broad exposure in multiple contexts). |
Patrick J. Kobly
Voting Rights Forum Participant
Username: Pkobly
Post Number: 12
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 9:03 am: |
|
"If one is motivated by retribution and "being right", the choice is far more difficult. If, ... motivated by fear for the future,... You must flash, just to be extra sure, if only to reassure the electorate that voting can still matter."
Except that the forensic information that could be derived from a proper examination of the machines could reveal specific attack vectors used. These attack vectors could include ones that we have not yet discovered, and that thus would not be resolved by a destructive reflash.
Furthermore, the report seems to cast some level of doubt on whether _any_ reflashing process could definitively fix existing and already compromised machines.
Look, I understand the political imperative not to be viewed as "sore losers," and not to be tied to a specific political agenda, but that forensic information can serve to protect the future, and throwing it away would be irresponsible. |
Dan Beutel
Voting Rights Forum Participant
Username: Dbeutel
Post Number: 2
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 9:05 am: |
|
On the open vs. closed sources discussion. So-called "security through obscurity" is NOT security. In addition, the statement that many hackers use source code to craft their attacks is also in error. Keep in mind the number of Windows exploits there have been over the years. Most of these have not been a result of hackers pouring through thousands upon thousands of lines of code.
I work for a software company that takes security very seriously, and have participated in threat modeling exercises, data fuzzing testing, and the like. Relying on people not knowing about your weak points isn't only irresponsible... it's just plain stupid.
(Message edited by dbeutel on May 12, 2006) |
Dan Beutel
Voting Rights Forum Participant
Username: Dbeutel
Post Number: 3
Registered: 02-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 9:07 am: |
|
Heh... should have refreshed the thread before replying. It appears that Patrick made my point, albeit in a bit more detailed manner. Carry on :-) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2374
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 9:32 am: |
|
Patrick, that's one of the best (and most comprehensive) explanations I've seen for why Open Source is not The Answer for solving the voting machine problems(and I am an Open Source advocate).
In particular I echo your point that most exploits do not rely on source code.
I appreciate your clarity on the advantages and disadvantages depending on whether a potential hacker is an insider or an outsider.
Dan, thanks for putting in your two cents worth, too. It's helpful to hear about your experience. |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 303
Registered: 08-2005
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Friday, May 12, 2006 - 9:38 am: |
|
Michael,
Welcome to BBV!
I read through your comprehensive list regarding your experiences with testing of technology in machines used in the financial world; however, let me ask you this, have you read the transcripts of the testimony given by 2 of the 3 testing labs (Wyle and Systest) who test these voting machines in the recent hearing held in California?
If you haven't, I urge you to do so. Black Box Voting has commented throughout the testimony in response to what the representatives from both labs had to say when questioned by State Senator Debra Bowen about their testing procedures.
The original transcript with comments is 155 pages. So, in the interest of time, you might first take a look at the 6 page briefing paper BBV made available on our home page at the top right hand corner under the Hursti Report II. It will give you a taste of what we are dealing with when it comes to the procedures used by these labs when testing voting machines (as opposed to those machines used in the finance world). After reading this briefing paper, I think you'll have a better understanding for my concerns about outsourcing.
In the interim, let me simply say that what I meant by stating the report shows that we shouldn't be outsourcing our elections over to vendors and experts any longer was in response to the testimony given by the testing labs. It also stems from the statement given in the Conclusions and Recommendations of the report itself:
quote:It would be helpful to learn how existing oversight processes have failed to identify this threat.
It was citizen intervention that made it possible for us to find out that these security flaws had not been identified by the experts we entrusted to oversee the process. In fact, these flaws have existed for years without detection!
Based on these findings, BBV's position is that there should be no compromising of citizen oversight in every phase of the election process with any solution that will be offered in response to the reports findings. As it stands now, it's virtually impossible for citizens to have any real oversight in a process that's non-transparent and technically complicated, forcing citizens to be totally dependent on a testing labs thoroughness and competence, the vendors' integrity and the experts' expertise and willingness to tell us whether the process is working or not. It is that very dependency that helped facilitate the mess we find ourselves in now. It should never have happened, if the process was working as we were told it was. Obviously, it wasn't, so what do we do about it?
I say, let's not make the mistake of going down the same road on the same horse, but just a different color. Otherwise, we will end up right back where we are now and will have gained nothing from all the time, money and effort spent in bringing the truth about how broken the voting process actually is to the public's attention.
My analysis of the situation is that it will take citizen oversight of the highest form in order to make certain this sort of thing never happens again.
Kathleen
(Message edited by admin_ii on May 12, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Jerry Berkman
Voting Rights Forum Participant
Username: Jerry
Post Number: 2
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 10:27 am: |
|
I support open source partly to stop vendors
and officials from claiming letting citizens
look at the data violates proprietary rights
or trade secrets or security.
With open source, or even publicly disclosed
source, those claims would be mute. |
Jim March
Moderator
Username: Jimmarch
Post Number: 171
Registered: 01-2005
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Friday, May 12, 2006 - 10:38 am: |
|
Three points:
* Slashdot has picked up the story and the tone of the conversation has mostly been both civil and technically accurate:
http://politics.slashdot.org/article.pl?sid=06/05/12/1228203
* On open source: just like the Diebold machines, a key concept is to make sure nothing is tampered with after the fact. In the TSx you flat-out cannot do so. It might be possible to set up an open source system built from the ground up on a better operating system than anything Microsoft has built, and then at the same time build a "checker routine" that could be downloaded by citizens and burned to CD to inspect the machines. Another possibility that has been kicked around is to have the entire operating system and application suite load from a CD-ROM disk held in one drive and burn results to a second. That way, on election morning the boot CD could be pulled out and checked on anybody else's machine, owned by the county, a political party, a citizen, whatever.
That might eliminate "rootkit and hacked bootloader" problems. Either type of malicious software can mask what's really going on (read: "what is REALLY on the disk?") but it has to be memory-resident to do so. The voting machine might have something memory resident but, for example, my personal laptop I'm typing this on hasn't been touched by Diebold or the like. So by putting the CD boot disk in my machine (not BOOTING off it mind you!) I can run hashes on it or do file compares with a known-good code set on my hard disk and be pretty sure I know what's going into that voting machine.
Sounds great, and certainly better than what Diebold does, but it still doesn't eliminate "funky stuff in the motherboard's hardware-resident bootloader". Only inspection following by sealing the case like a mini Ft. Knox would eliminate that...danged if I know how to make that practical.
Cause hey, it's only the security of the free world we're talking about...
* On efforts to seal up the TSx cases:
Elections officials in California and Pennsylvania seem to have figured out the implications of the eight standard phillips screws. This isn't going to be easy to "mitigate".
One, it may be a matter of closing the barn door after the horses have decided on a vacation. If the machines are already goofed with...oops. See, it's possible to plant a "general purpose hack enabler" up to years before. As one example, you could set up a weird combination of touchscreen points that when hit in order, brings up a menu to the effect of "OK, how do you REALLY want this to turn out?" right there in the voting booth or at any time the machine is turned on before the election and after the election setup info (candidate list and the like) is loaded. This window of opportunity is up to a week or more long.
Two, locking the case down isn't easy.
The finish on the TSx plastic cases isn't dead smooth, it's got a bit of a "satin roughness" which makes anything sticky less likely to stick. So the "tamper evident seal tape" has to be very delicate or it can be gently peeled and re-applied. But if it's too delicate it may not survive basic transit to and from the polling place. If enough of the seals "just break" then any fraudster knows that breaking the seal will be dismissed as irrelevent.
And then the tape itself has to be guarded like money in a bank vault, because anybody getting ahold of it can mess with machines.
The best way I can think of to seal a TSx involves putty epoxy across one or two of the screw-hole openings and then using some sort of small metal "branding iron" heated to melt into both plastic and epoxy putty in some pattern - county seal, whatever. Or on the cheap, have the elections official sign their name across the top with a soldering iron, melting into both plastic case and epoxy. Either way the time constraints are just crazy, you have to apply putty, wait for it to dry, then do the imprint. Might work OK in a small county such as Emery where Bruce only has 40 machines; in Alameda CA with 4,000 or San Diego with over 10,000? No way.
What they'll probably do is replace at least a couple of screws per box with "security oddball screws". My cellphone for example has weird three-pointed "phillips type" screws with "hooks" at each end...only a very strange proprietary screwdriver could get them out. (This is to cut down on cellphone "cloning".) Still, if I was motivated and had access to some medium grade steel and a Dremel tool (less than $30) I could carve a good enough tip to work.
The reality is that the Diebold cases were not designed to be sealed. They were designed to be easy to access. This was their decision, one of a number of questionable security-related choices.
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 770
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 11:15 am: |
|
Kathleen, you wrote "As a result, citizens are now in a position to call into question all the other voting systems and work toward having them independently tested in order to find out whether they too possess similar security flaws as the Diebold voting systems."
1. Since activists have been calling the Diebold systems into question with little results except to be labelled 'nutcases'(or terrorists in Arizona), how and why does this latest report really change anything since the 'problem' is one of politics, not technology?
2.What is the 'position' you reference? How is it any different from the previous 'position' given that ,for instance, in CA, McPherson deliberately left out the Technical Panel's admonition to never leave the machine(s) attended to by just one person in his 'conditional certification for use'?
3.What does BBV suggest to prevent the machines-at least the Diebold machines given the report- from being used in an election since such vulnerabilities may be already present and cannot be determined in a timely enough manner before elections are held(or have been held); in other words, given this report, what is an 'activist' to do in the short term?
As a for instance, I challenged the San Diego Union Tribune to print the 'insidebayarea' report and they have not met that challenge. And the CA SOS still has nothing in terms of a press release or annotation to the 'voting systems' webpage addressing this reports findings.
Nor is there anything on Debra Bowen's website regarding this report and it's information and implications.
I just don't see how this report-and this is NOT to denigrate in any manner whatsoever all the effort and contributions and sacrifices made by those involved in producing this report-changes anything. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2375
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 11:56 am: |
|
Bruce those are spot-on fantastic questions.
You're in a better position than me to make suggestions as to strategy. At the very least, one key thing that this report changes is general public awareness of the issue, and knowledge by the technically-aware of just how severe the problems are.
This will ripple through the political landscape, even if it does not happen as fast as we would all like.
It will bring more scrutiny to the certification process, to the incompetence of the ITAs, to the unethical behavior of vendors and lobbyists, and to the irresponsible behavior of our politicians.
It will hopefully motivate more members of the public to tell their election offiicials and elected representatives that this is unacceptable, and to express this in whatever way is true to their spirit.
It shows how ill advised government is when they mandate a major IT project without any idea what they are doing.
It cannot be ignored by the media as usual. The story is already spreading beyond the blogosphere.
If election officials or their superiors keep using these completely insecure machines even after they know about the irreparable vulnerabilities then they will have no one to blame but themselves if Donald Duck gets elected someday or if they are held legally responsible for any future problems.
I'll go back to the most important benefit: AWARENESS. Without awarenss of the depth of the problem no change is possible. |
Jerry Berkman
Voting Rights Forum Participant
Username: Jerry
Post Number: 3
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 1:49 pm: |
|
Bruce,
Our Board of Supervisors is already likely to reject any contract with Diebold. We told them a year ago that Diebold was untrustworthy, and the Registrar said Diebold would be certified in a few weeks. Then his successor said the same thing. Now she's leaving and the Supervisors who didn't believe us in the beginning are starting to figure out we had it right. Every bit helps, and perseverance is the key. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4571
Registered: 12-2004
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Friday, May 12, 2006 - 2:49 pm: |
|
Bruce:
quote:1. Since activists have been calling the Diebold systems into question with little results except to be labelled 'nutcases'(or terrorists in Arizona), how and why does this latest report really change anything since the 'problem' is one of politics, not technology?
This report changes everything. Diebold is trying to spin it -- we now have their list of talking points which I will post below this post. This time, Diebold will be facing the entire U.S. scientific community, CERT, NIST, and the press.
quote:2.What is the 'position' you reference? How is it any different from the previous 'position' given that ,for instance, in CA, McPherson deliberately left out the Technical Panel's admonition to never leave the machine(s) attended to by just one person in his 'conditional certification for use'?
We expect to see many public officials ATTEMPT to use "workarounds" to address this.
If they do not address it at all in a meaningful way, this time they have made a career choice.
If they address it in an inadequate way, most likely we will release the unredacted version of the report.
quote:3.What does BBV suggest to prevent the machines-at least the Diebold machines given the report- from being used in an election since such vulnerabilities may be already present and cannot be determined in a timely enough manner before elections are held(or have been held); in other words, given this report, what is an 'activist' to do in the short term?
We know this has been a long, horribly frustrating fight. Black Box Voting has one more report to release, which will come out Monday. It, too, will have to pull a few file names.
Start the wires buzzing on this, folks. There is a mitigation. I have discussed it with several people at many levels and it is getting generally good reception -- but to implement a real solution instead of 60 percent workarounds, pressure from citizens and the press will be needed. I think it is doable.
Next Wednesday I would like to host a conference call among the top public organizing groups. At this conference call I will propose a specific plan of action.
We will need to have a second conference call on Monday or Tuesday the following week. In this call we need to put together our own emergency response team for the specific purpose of nuking the Diebold touch-screens and getting the replacement executed.
As everyone knows, Black Box Voting is generally incompetent as a lobbying or organizing arm. This is why it is so critical for the election reform community to work TOGETHER to execute this. Black Box Voting is generally effective at strategic initiatives and we have been visionary in the past, and we have the great good fortune to have had the opportunity to spend a couple hundred hours schmoozing with Hursti and friends to vet out real solutions achievable both politically and technically. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4572
Registered: 12-2004
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Friday, May 12, 2006 - 3:10 pm: |
|
Diebold's talking points so you can strike pre-emptively:
Here they go.
1. "These machines have been certified and tested both federally and at the state level."
(Refer to http://www.bbvreports.org/bowenhearing.pdf - the labs do not appear to have examined either the boot loader or Windows CE.)
2. If elections officials follow proper procedures and "best practices" this is not a risk. They just have to be careful that only the right people have access to the machines.
(Current practice is to send the machines home with poll workers for up close and intimate contact for a week or so. 'nuff said.)
3. We seal the memory card bays.
(But not the case. Opening the case renders the memory card bay seals impotent.)
4. An L&A test is does before and after the election and will catch any manipulations
(? Sound bytes for this old shoe fail me at the moment)
5. You can only do it one machine at a time.
(This is a tricky wicket. Untrue, and some scientists have sketched out concepts on the most efficient delivery mechanisms, but then jettisoned those for the same reasons we at Black Box Voting have decided on a policy to refuse to discuss them at this time. The fact that a self-altering boot loader is designed into the system at all is intolerable. For the same reason it would be inappropriate to publicly speculate about the most efficient mechanisms for delivering sarin gas into a crowd, we are not going to have a discussion about how to best achieve mass contamination of the system.
( Hursti: Anthrax sent through the mail was delivered one person at a time but no one said "Well then, don't worry about it.)
6. There have not been any incidents proven that any tampering has been done
(Let's step away to an entirely different exploit category, the Leon County hack. In that case, the elections supervisor was in the room and watching but could not spot it and it did not show up on any audit trail or report. Hursti was not in the room and was given no password.)
Mr. Petrocello from Los Angeles County also had this to say:
7. There is not wireless capability in the Diebold touch-screen machines.
(He cannot know this unless he cracks open the case and if he cracks open all the cases he invalidates the warranty. The truth is he doesn't know whether all of his machines are wireless-enabled, some of them, or none of them.)
8. (When I explained to him there are at least two different mechanisms built into the motherboard ready and waiting) He said that those things are probably there just like any TV or whatever, they are just generically put in there.
(These are voting machines, not TV sets, and everything in a voting machine is put there specifically for the purpose of use in a voting system.)
When asked if Los Angeles County had implemented any of the California emergency procedures he sounded like he was caught flat footed. He had no idea what those procedures are and appeared not to know whether they were even on the way. |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 84
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 3:15 pm: |
|
404 on the link in the last post to the ITA report. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4573
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 3:24 pm: |
|
doh. Fixed the url.
http://www.bbvreports.org/bowenhearing.pdf |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 771
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 4:52 pm: |
|
Bev, I can only address San Diego. Mikel Haas,et al, HAVE staked themselves on this ground with the blessing of the County CAO(Chief Admin. Officer, who is the one who really runs the show; the Board of Supervisors has 'oversight' but there are MANY obstacles to them even having a conversation between staffs of the CAO and the BOS).
And McPherson was recently down here for a 'dog and pony' and the County Attorney's worked long and hard on mcPherson to do the conditional cert.
I will be sending the latest PDF to the BOS but I did the same thing with the initial Hursti Hack report and recieved deafening silence. It was also given to the Grand Jury-who said it wasn't in their purview to investigate)and the County DA who didn't respond at all.
I also copied the City Council reps, the City DA,Bowen,Umberg,all the other members of the committee who were deciding about subpoeaning the ITA's,the legislative analyst for the Senate committe on election reform,etc. with a cd of all my findings on the opscans used in the CA Nov. Special election 2005 (which show that the machines do NOT conform to the standards they supposedly were confirmed to AND other errors, including 'unknown memory cards being loaded into the central tabulator) ALL to no avail or interest on ANYONE'S part.
What is also VERY frustrating is that SD county has the right to cancel all contracts with Diebold after the June 6th election WITHOUT ANY PENALTIES but that idea/knowledge seems not be something the ROV ,CAO,BOS,et al want to consider.
I have started a 'meetup' group here in SD for election reform and hopefully will have someone available for your calls; I'm glad Jerry's BOS is slowly 'seeing the light' but until I see someone like Bowen calling news conferences and jumping up and down and screaming about this (why isn't just the costs associated enough to warrant outrage?)I'm one of those who 'believe it when I see it'. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4577
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 6:22 pm: |
|
Bruce, yes.
When I talk to wonderful citizens like Susan Pynchon in Florida, my heart and soul is thrown into scandal overload within 30 minutes. San Diego, Los Angeles County, San Bernardino County and Riverside County are much the same.
Isn't it interesting that there is a common thread amongst those three counties: Conny McCormack.
She was registrar of San Diego County before become registrar of Los Angeles County (but after being pretty much railroaded out of Texas while being investigated for election manipulation by the Texas Attorney General). The former Riverside County Registrar is doing a consulting business with the former San Bernardino County Registrar Scott Konopasek who, apparently, is Conny McCormack's brother-in-law.
The situation we all face is overwhelming. But once, when I referred to it as a giant beast to Harri Hursti, he told me no, it is a smaller beast. The number of people at the very core of this problem is smaller than most of us have been thinking.
I'm open to that line of argument. It underlines the importance of the next endeavor: Learning who knew what and when. |
Linda Franz
Frequent Voting Rights Forum Participant
Username: Linda_franz
Post Number: 319
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Friday, May 12, 2006 - 9:07 pm: |
|
"4. An L&A test is does before and after the election and will catch any manipulations
(? Sound bytes for this old shoe fail me at the moment)"
Unfortunately, what the latest Hursti report shows is that the systems are also VERY vulnerable during an L & A test.
Who's there, who's watching, and who's inputing to those machines?
What does the "test" mode really do?
And as I've pointed out before, an L & A test only tests a point in time- not an election.
An L & A test can only "verify" the L & A test.
The only "verification" possible for an election is a rigorous hand audit of the voter verified paper ballots. |
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 221
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 12:55 pm: |
|
What is Pennsylvania doing? I have been told that nothing has changed. TSx machines have been sent home with elections officials in preparation for the primary. No sequestering or lockdowns. One county election official has read the NYTimes article and is convinced that there are 5 passwords on the machines so no one can hack them. No security needed. End of story. Their primary is Tuesday.
I thought PA was going to be the poster child for all of this new security. Instead, it appears, they are doing nothing extra. |
Jason Aaron Osgood
Voting Rights Forum Participant
Username: Zappini
Post Number: 9
Registered: 12-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 1:02 pm: |
|
Harri, Bev, Kathleen, Jim, Anyone I've missed-
Good work. I'm not surprised by anything I read in the report. It's great to have it all public now.
I fully support your decision to withhold critical details. As you know, how to properly disclose exploits is an ongoing debate in the geek world. Since there are no institutions in place to handle the escalation of these issues, I think the precautionary principle applies.
Also, it's just plain smart. In the war of perception, you don't want to be tagged as irresponsible for letting the cat out of the bag.
The bootloader as supreme being metaphor is kind of funny. Has everyone here seen the movie Tron? If yes, then you may remember the efforts to take over the Master Control Program. |
Glenn McGahee
Voting Rights Forum Participant
Username: Glennmcgahee
Post Number: 2
Registered: 12-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 1:30 pm: |
|
Dear Bev and crew, I just sent you an article from Ft. lauderdale's Sun-Sentinel that was attributed to the Associated Press. This regards delivery of new and improved Diebold voting machines to 5 counties in Florida. The problem is that these are not the machines that were ordered and apparently that means they are UNCERTIFIED. These were delivered without notice that they were different with added features(?), and I guess that we have Susan Pynchon, of Florida Fair Elections Coalition, to thank for the heads up. Gonna make some calls but anyone have any idea what type of questions we should be asking about? And issues to raise? Here is a link to the article:
http://www.sun-sentinel.com/news/local/florida/sfl-fvote13may13,0,3071264.story |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 250
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 5:16 pm: |
|
John:
I can field that one for you from PA. Pennsylvania has always sent all materials home with Judges of Election on the Saturday before the election. The only exception has been really large voting machines (levers, Sequoia Advantages, Danaher 1242's) which are delivered to polling places in the whole week before an election. Of course, all those big machines have redundant serial numbered seals, keys, the whole schmeer. Some Danahers stay in polling places up to 8 days before an election. Whoever takes delivery of them puts them somewhere safe until the election. The seal number documentation is part of election startup.
Everything else, paperwork, poll books, etc, gets picked up the Saturday before an election. It has been that way FOREVER. That includes the old punchcards, ballots, everything.
Pennsylvania counties simply have no infrastructure in place for "election morning delivery" of the machines. The two options are 1) leave them potentially unattended in polling places, or 2) leave them in the hands of the precinct Judges of Elections.
I don't know what kind of cases these machines are in. Judges of Elections know it is a criminal offense to open a voting machine before election morning.
I'm not sure what else they could have done, with this short notice.
Besides, if we are at the point we suspect precinct Judges of Elections of being the perpetrators of an "inside job" we're all screwed anyway. By and large, these people are mostly making "final arrangements" with overpriced AARP life insurance advertised by Alex Trebeck, not tweaking boot loaders with PCMCIA cards. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2390
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 5:30 pm: |
|
Are Judges of Elections actual professional Judges? |
Joseph Hall
Voting Rights Forum Participant
Username: Joehall
Post Number: 85
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 5:38 pm: |
|
No, Catherine, it is a specific type of poll worker that is somewhat like a "supervisor" for each polling place. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2392
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 5:49 pm: |
|
Thanks, I always wondered about that.
I think it would be unrealistic to expect all Judges of Elections to be bastions of integrity, even though I'm sure many or most are. The election system should be robust enough to confound any who are not as wholesome as they ought to be.
Even if an Election Judge is perfectly upstanding, an election machine that sits in their home is not going to be under tight security. The person would probably be out working most of the day, for example. |
MH
Voting Rights Forum Participant
Username: Runner
Post Number: 1
Registered: 05-2006
Best of Black Box?
Votes: 3 (A keeper?) | | Posted on Saturday, May 13, 2006 - 7:01 pm: |
|
I’m a computer scientist and an election clerk who has helped many tens of thousands of citizens cast their vote on Diebold's AccuVote-TS (Touch Screen) voting machines through several election cycles.
Focusing on the voting machine “chain-of-custody” issue may be like worrying someone will break down your relatively secure back door to rob your house while ignoring the fact that your house has no front door at all and is open to the world. There may be a more accessible and innocent-looking security issue in the AccuVote-TS machine that some concerned computer scientists have disregarded because they have not observed an actual election with these machines. The Diebold system’s use of “smart-cards” provides an open door for any voter or poll work to commit vote fraud. Johns Hopkins University computer science professor Avi Rubin discusses “smart-card” issues in his voting machine security analysis ( http://avirubin.com/vote.pdf ) report.
What are smart-cards?
Smart-cards look like a credit card, but have an imbedded computer chip with data storage memory. Smart-cards and smart-card read/write devices are widely used in industry and government. The technology’s specifications are commonly available as are the cards themselves and card programming guides. It is the smart-card, as used by the Microsoft Windows PC based AccuVote-TS voting system, that offers an opportunity for a motivated person or group of people with some technical skill to commit voter fraud.
A smart-card read/write device on the Windows-based AccuVote machine is just another standard Windows controlled PC device, just like a PC’s hard drive or phone modem connecting it to the Internet. Anyone smart enough to hack a virus into Windows through an Internet browser or email could likely hack a virus or other code into Windows and/or the AccuVote-TS voting application itself through a smart-card read/write device with a specially prepared smart-card.
Why are smart-cards used for Diebold AccuVote-TS voting system?
The Diebold AccuVote-TS voting application is a "smart-card" activated, multilingual touch screen voting system that records votes on a removable internal flash memory card. As yet this Microsoft Windows PC based application does not produce a paper “ballot” receipt that voters can verify and deposit in a ballot-box for later “recount” verification of election results. If a voting machine’s flash memory is corrupted during an election then the election vote count is also corrupted on that machine.
In the AccuVote-TS voting procedure smart-cards are encoded with a "virtual" election ballot and given to each voter as they enter the polling place. Poll workers individually encode the smart-cards with the appropriate “ballot style” according each voter’s precinct number, political party and language after confirming the voter is properly registered to vote. The card is encoded via an AccuVote-TS machine and its standard smart-card read/write unit or small calculator-sized card-encoding device. The smart-card “virtual ballot" then defines the candidates and propositions for which the voter may cast their vote.
The voter then takes the smart-card to a Touch Screen voting machine and inserts it into the machine’s smart-card read/write device. The machine reads the smart-card and displays the voter’s election ballot image on its Touch Screen to allow voting. The voter then touches the check boxes by the candidate names to make their selections. Headphones for computer generated voice instructions and keypads are available for visually-impaired voters to privately cast their vote on the AccuVote-TS machine too. Before the ballots are finally recorded to the flash memory card the voter is given a final chance to review and change their selections.
When satisfied, the voter completes the voting process by touching the “cast ballot” button. When the cast ballot button is touched the vote is recorded on the flash memory card in the machine. The voting machine then writes a “voted” code on the smart-card, to ensure that it can only be used to vote once, and ejects it out of the card reader with a loud clunk. The voter then returns the smart-card to a poll worker who then re-encodes it with a virtual ballot for the next voter in line. Keep in mind that voters have physical possession of these smart-cards in private at the voting machine for up to several minutes.
When the polls close, a poll worker or election administrator uses a smart-card to put each machine into a post election mode where it no longer record votes. At this point, the administrator may instruct each machine to read its flash memory, where votes have been recorded, to tabulate and write a vote count summary on a cash register-like tape.
Depending on the local voting jurisdiction’s procedures the “virtual ballot box” flash memory cards are removed from each machine at the polling place and taken to a central tabulation facility or the voting machines are taken to the tabulation facility where the memory cards are removed. At the tabulation facility vote counts are read from each memory card and written into a central computer database where precinct votes are tabulated and aggregated. Some voting jurisdictions also allow the administrator to link the AccuVote-TS machine to phone jack to use the machines dial-up modem to transmit its vote data to the central tabulation facility. The flash memory card data and any printouts from the voting machines then become part of the official record of the election.
Why do smart-cards open the door to vote fraud?
Clandestine, but “properly registered,” voters could enter polling places normally, accept their legitimate ballot smart-card from a poll worker, go to a voting machine and simply insert their own “specially pre-prepared” smart-card into the voting machine rather than the legitimate ballot smart-card. When finished, the clandestine voter would return the legitimate ballot smart-card to a poll worked and exit the polling place.
A clandestine voter could insert a smart-card specially prepared with something as simple as a common Windows virus that would “crash” the voting machine. Poll workers typically are not trained to reset machines back into election mode so “crashed” voting machines would be closed until a technician could be summoned to “fix” the problem.
Such an attack, if mounted by multiple people, could temporarily shut down or slow voting at one or more polling places. For polling places in an area considered to favor one candidate over another, the attack could benefit the opposing candidate by deterring a large number of potential voters from voting.
Even more troubling - specially prepared smart-cards could possibly implement a programmed interface that delivers software code into the voting machine to change votes or other functions. Specially programmed smart-cards used by clandestine voters could, for example, change vote counts on voting machines. Simple software code that subtracts votes from one candidate and adds those votes to another candidate yields the same total vote count. This leaves no evidence or red flag to even suspect this simple vote data change occurred because total votes recorded in memory matches the total number of voters who entered the polling place.
A few voters at a few key polling stations near the end of the Election Day could carry out this type of smart-card attack. There would be nothing out of the ordinary to raise anyone’s concern that an election had been stolen. Malicious program code possibly could even be propagated to the central tabulation machine as it reads a voting machine flash memory cards infected via the same technique.
It is the simplest and most innocent-looking security breach that is often the most successful. Voting fraud using the smart-card, I think, qualifies as both simple and easy with a little advanced planning and preparation.
Any malicious-mind person could envisage this vote fraud scenario during a legitimate voting experience with this voting system. Anyone with a little technical savvy and understanding of Microsoft Windows could likely, in an afternoon, google all the information necessary to plan this type of attack. Smart-card blanks and smart-card read/write devices can be ordered over the Internet in a couple of days.
All the best chain-of-custody procedures, voting machine guards and security seals will not stop smart-card vote fraud hacks. Want more proof? Avi Rubin discusses various smart-card vote fraud hacks in greater in his security analysis ( http://avirubin.com/vote.pdf ) report.
Diebold can make this front-door security issue much less onerous by simply adding a data encryption and password protocol to the smart-cards and the voting machine software that reads and writes the smart-card data – it has none today!. A paper “ballot” receipt that voters can verify and deposit in a ballot-box for later “recount” verification of election results would be good too. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 252
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 7:36 pm: |
|
Catherine,
MH is right. The chain-of-custody of the machine is the least of many worries. Most Judges of Election are retirees, and for the few that are not, we're talking about one work day, the Monday before the election.
One other point - these Judges of Election are not hired or appointed by the county unless it is to fill a vacancy. Normally, they are elected by the people of their precinct, in a partisan election held the year after the Presidential year. The current Judges of Election in Pennsylvania are just at the beginning of a new term. There will be vast numbers of brand new ones this year. Vacancies due to death or resignation are quite common. Reelection of incumbents running is almost at 100%. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 253
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 7:48 pm: |
|
MH,
How much information is "out there" about what is on a legitimate "smart-card"? I mean, wouldn't I have to have intimate knowledge of what's supposed to be on there before I could even get the machine to accept it?
The PCMCIA attack seems to require the compromised card to be in the machine at boot-up. Wouldn't the smart-card vector likely require the same?
The one I do see as a BIG problem is the "crash it" approach to take out the machine in a precinct that is strong for the opposition.
Two other questions, MH, what is the actual typical time a voter spends at a TS? And how long (number of races) is a typical ballot in your state? |
Jim March
Moderator
Username: Jimmarch
Post Number: 173
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 9:25 pm: |
|
MH: the smartcard issue is most definately a potential "vector" for fraudulent code or data.
What's needed is real scrutiny of the source code, with a lot of eyeballs. The California senate elections committee hearing of 3-29-06 had Wyle and Systest basically confirming that they're not doing adequate code review.
North Carolina was poised to open the source code to at least some outside scrutiny. Diebold eventually backed completely out of that state. California is pondering a "forced public code disclosure law" and with the fallout from the 3-29-06 hearing there's a fair chance they'll get it.
If that in turn causes Diebold to pull out of the California market, I for one suspect that the political fallout will be more than they can take and still stay in the elections biz.
Then we'll look at the rest.
The real issue isn't so much the vendors, it's the test labs that passed all this sillyness. Once it's clear the labs are dysfunctional, it drives a stake into the credibility of all the vendors, not just Diebold.
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Bev Harris
Board Administrator
Username: Admin
Post Number: 4604
Registered: 12-2004
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Saturday, May 13, 2006 - 9:38 pm: |
|
John Gideon,
I, too, am hearing that they did nothing in Pennsylvania. To get to the bottom of this, one of the first questions to ask is how many machines total they had to re-flash and seal cases on.
Was it 1,000 machines? 10,000 machines? 500?
Knowing that number will tell us a lot just by doing the math.
Another way we can learn a lot is by finding out from the poll workers what was done to seal the case properly -- not the memory card bays, the case itself. I understood that there were to be six seals affixed to the casing itself, but that was second-hand info that may not be correct.
I'm sure the pollworkers will be able to see changes in sealing the casing, because if done properly it needs to be very obstructive.
Susan Pynchon of Florida Fair Elections Coalition gave us a very good analogy that can help the public understand just what is wrong here.
The bootloader problem can be imagined as the foundation of a house. The operating system problem can be imagined as the house itself, and the application (Ballot Station) as the furnishings in the house.
You can replace the furnishings with all new ones, as Michael Shamos claims to be doing, and you can even clean and repaint or renovate the house itself, as Michael Shamos claims he is doing by replacing the operating system.
But if the foundation of the house has at some point in the past become contaminated with radioactive waste, replacing the furniture, painting and remodeling doesn't do a darn thing to make it an acceptable place to live.
Pennsylvania was never going to deal with the potential radioactive contamination of the foundation. Their best plan was to remodel and paint and put in brand new furniture.
Still, it would be nice to know if they did even that. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2393
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 10:09 pm: |
|
That is a wonderful analogy! |
sheila solomon
Voting Rights Forum Participant
Username: Sheilas
Post Number: 2
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Saturday, May 13, 2006 - 10:48 pm: |
|
A note on people being less concerned about chain of custody. Early voting For a month?
Thats a pretty long chain.
and a chain is only as strong as its weakest link.} |
MH
Voting Rights Forum Participant
Username: Runner
Post Number: 2
Registered: 05-2006
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Sunday, May 14, 2006 - 7:03 am: |
|
Reply to V. Kurt Bellman’s question: How much information is "out there" about what is on a legitimate "smart-card"? I mean, wouldn't I have to have intimate knowledge of what's supposed to be on there before I could even get the machine to accept it?
Answer: It's too easy to obtain information about what is on a legitimate "smart-card." There are several ways a malicious-mind person could learn the protocol between smart-cards and voting machines.
After legitimately voting a malicious-mind person, instead of returning the canceled smart-card to a poll-worker, could return a fake card and take real card to reverse engineer the data on it. Actually, during a busy election when poll works are distracted with crowd control, some could just walk out with a card after voting.
Or, a legitimately voting person could take a commonly available calculator-sized card reader device to the poll and read the card before and after inserting it into a voting machine card reader – this yields what and how data changes during the voting process. On the “chain-of-custody,” if you think the machines are vulnerable, access to smart-cards, both voter cards and administrator cards, is even more likely – cards could be stolen or just read via a commonly available calculator-sized card reader device.
But, why go to that much effort to get the smart-card information...... Source code for Diebold’s AccuVote-TS voting system was posted on the Internet. This public posting is even discussed in Bev Harris’ book titled, Black Box Voting. Once posted on the internet the horse is out of the barn – the source code is in circulation to be found and used by a malicious-mind person or group. In fact, Johns Hopkins University computer science professor Avi Rubin’s voting machine security analysis report (http://avirubin.com/vote.pdf) has parts of the source code listed with explanations of how its used in the voting application – this includes the data found on the smart-card and the voting machine source code for “smart-card” data management. That makes it just too easy!
(Message edited by runner on May 14, 2006) |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 254
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 7:43 am: |
|
Sheila,
I don't know if your question and/or comment is directed at Pennsylvania, the main focus of this conversation, but if it is, Pennsylvania has no early voting at all on machines. NONE!
Kurt |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2398
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 7:55 am: |
|
I thought her point was about the challenge of having a secure chain of custody of the (presumably) paper ballots used for early voting, if early voting was possible for a one-month period of time. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 255
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 8:09 am: |
|
Catherine,
The only chain of custody in PA for early voting is the mail process of the absentee ballot, or voting your ballot at the county courthouse itself, in the Election Office. There is no satellite location early voting of ANY kind in Pennsylvania.
Kurt |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 256
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 8:13 am: |
|
Bev,
The State of Pennsylvania has 16 counties using Diebolds, which comprise 1137 precincts. Only five counties are of decent size: Lehigh, 145 precincts; Lycoming, 86 precincts; Northumberland, 94 precincts; Schuylkill, 167 precincts (way too many for the population there); and Washington, 184 precincts.
The other 11 Diebold counties are severely rural backwoods areas - deer hunting country.
Kurt |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2399
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 8:14 am: |
|
The simplicity or complexity would depend on the tightness (or lack thereof) of the procedures for handling absentee ballots. E.g., degree of bipartisan observing whenever ballots are collected, stored, logs of who has access, bipartisan observers whenever the key to the ballot storage area is accessed, etc.
PA may have excellent chain of custody procedures but most places do not. |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 318
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 9:04 am: |
|
Jim,
quote:The real issue isn't so much the vendors, it's the test labs that passed all this sillyness. Once it's clear the labs are dysfunctional, it drives a stake into the credibility of all the vendors, not just Diebold.
For sure the ITA's did not do their jobs and proved the certification process is a joke. However, it is my understanding that Diebold never disclosed the supreme entity feature to the ITA's. Wouldn't such an omission clearly make Diebold a bigger part of the issue than the ITA's? (I know it's a close race).
I accuse Diebold of the greater offense because of the way the architecture is designed like swiss cheese which could be construed as an attempt to keep the supreme entity hidden from detection not just from the bad guys but from everyone. Even if they say it was hidden this way in order to obstruct anyone from trying to exploit the system or for flexibility reasons, it still doesn't explain why they never told the ITA's about it. At least that's how it looks to a non-technical mind.
If it can be proven by the ITA's that Diebold never disclosed this feature to them, then doesn't this call into question whether this omission was intentional and therefore calls into question its intended purpose?
Wouldn't such an ommission be a case for the ITA's to sue Diebold for damaging their reputation? Now wouldn't that be ironic?
Kathleen
(Message edited by admin_ii on May 14, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Paula Nelson
Voting Rights Forum Participant
Username: Paulagem
Post Number: 30
Registered: 01-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 9:13 am: |
|
Catherine: "If election officials or their superiors keep using these completely insecure machines even after they know about the irreparable vulnerabilities then they will have no one to blame but themselves if Donald Duck gets elected someday or if they are held legally responsible for any future problems. "
We've already got Goofy in the White House, Donald might be an improvement. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 257
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 10:27 am: |
|
Catherine,
Now that I am no longer there, there is no bipartisan anything in my old county election office. Absolutely everyone in there is a Democrat. No Republicans, No Independents, No Non-Partisans. The Board of Elections has a Republican on it, but there is zero day-to-day involvement by the Board members. Bipartisan? Ha!
Kurt |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2402
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 10:34 am: |
|
If not bipartisan (or maybe nonpartisan?) at least there should be 2 observers signing logs for any access to keys, voting machine equipment or ballots. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 258
Registered: 04-2006
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Sunday, May 14, 2006 - 10:53 am: |
|
Catherine,
That won't happen either. The new Director not only is a former Diebold sales rep, but she is married to a man who was convicted in a job selling scheme when he was a county elected official. He did quite a few years in federal prison.
She will be programming the DRE's by herself, without observation, she will design the absentee ballots by herself, without observation. She will be printing ballot sheets and programming cartridges for the DRE's over night or on weekends, by herself with no observation.
All because the county will not hire more staff for that office under any circumstances.
Only the L&A tests will be available for bipartisan observation, but no one will attend, because the county has 17 years experience with DRE's and everyone trusts them. |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 777
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:04 pm: |
|
So Kurt, are you indicating that NO Diebold technicians program the DRE's ballot styles or memory cards? Hmmm.
And what 'counts' those ballots associated with "the mail process of the absentee ballot, or voting your ballot at the county courthouse itself, in the Election Office." A Diebold opscan machine perhaps? |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 260
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:12 pm: |
|
Bruce,
Nope. All are counted by hand. No scanners.
They are counted at the precinct at election night close, and again in the central office by hand, with observers invited, during the official canvas that begins the Friday after the election.
And yes, I am saying that Diebold reps are NOT programming the databases. The news stories from last week in the Allentown Morning Call said as much.
Kurt |
Kate Spark
Voting Rights Forum Participant
Username: Maroon1
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:17 pm: |
|
To Bev:
Hello. I am new to the board, and I am sure I know far less technologically about the machines you are discussing than all of you do. However, I do live in Washington, PA, the seat of Washington County. Washington County is the new "proud" (tongue in cheek) recipient of 700 new voting machines, the Diebold AccuVote TSX. I am less than thrilled with the way our local officials are handling the most recent security issue. We will be having a "tapedown" of the memory card slot on May 16, Primary Election Day. As far as I can tell, from what our local paper states, that is about all that is going to happen to ensure an honest vote.
The City of Washington itself is populated by a little ouner 15,000 residents. Washington County, in most recently documented census figures, sports a population of roughly 265,00, if I am not mistaken.
Our local paper, The Observer-Reporter, printed an article yesterday entitled,
"The joy of being a guinea pig"
http://www.observer-reporter.com/main.asp?SectionID=6&SubSectionID=15&ArticleID= 18610
and I was infuriated at the lackadaisical tone of the article. Our paper allows comments at the end of an article. My husband and I both submitted comments regarding the problems with the TSX, and voicing our concerns that the local paper was not covering the issue properly - that perhaps local officials appeared to lack the proper knowledge or remedies. We stressed the problems, as addressed by Avi Rubin and Michael Shamos, in hopes that the paper could relate to the CMU connection. We also indicated that this is an issue being reported on nationwide, by many news organizations including AP, Reuters, WSJ and NY Times. Alas, our comments have not been printed and I believe I know why; the local officals seem to view these machines as not having any kind of serious problems, despite numerous objections to their purchase and use by many within the community. Our local paper also does not respond well to what they view as "radical" opinions, or "conspiracy theories". Ahem. However, the biggest problem is that the overhwhelming majority of people here seem to be uninformed, which is precisely why I noted to the paper they had a responsibility to report the security issues with the TSX properly and accurately.
We had previously written to the Washington County Commissioners about our concerns, and received a form letter in response, explaining how "intuitive" the machines were, and how they county had to comply with HAVA. The local election official, Larry Spahr, is clearly in over his head. From what I have read in the Pittsburgh Post Gazette, so is Pedro Cortes of the State of PA Elections, who rates the most recent security problems as "a low risk of potential security". We cannot get anyone at a local or county level to take this situation as seriously as they should.
I feel no confidence whatsoever in the ability of our local officals to address these situations. I will be unable to vote in the primary, as I do not affiliate with any party. My husband will not be able to vote either. At this point, we wish we could, so we could see how the voting machines operate and how poll workers handle any problems that may occur. We woulkd also like to view the machines on Primary Day. I know they have reduced the number of workers for the evening of the election and have also reduced the number of paper ballots that will be available the day of voting.
I have a list of local articles that demonstrate well my concerns over our community's ability to receive a fair election. The articles relate how Larry Spahr is handling the new voting situation and any anticapted "problems" with the TSX, if anyone is interested. There is one article I cannot find, which described a recent "problem" with the building housing the voting machines. I truthfully cannot remeber what the problem was - if it was damage to the building, or something else. I just know that at the time I read the article, it was of concern to me because of these machines being housed there. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 261
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:21 pm: |
|
Wow, I am stunned by the relative silence now.
Here we have a firsthand account of a county election director, married to a convicted felon on corruption charges, running an office that is all single party, who will have no observation of what she is doing in, on, or around the DRE machines, and no one seems to care, because that single party is Democratic?
Is that what this is all about?
Does no one feel ashamed by the double standard?
This county, Berks County, Pennsylvania, has a more direct evidence of a corrupt situation than anything that happened in Ohio, and no one hereabouts gives a damn.
Shame. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 262
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:44 pm: |
|
Kate,
I know Larry Spahr. I have served on boards with Larry. Larry is a decent honest career public employee. He has never struck me as particularly adept in technological matters. He will likely repeat what he is told, and not investigate things himself. He is good about "not making waves" when his superiors tell him something.
He had no role in choosing Diebold other than arranging for the presentations of the various vendors. Your Commissioners chose Diebold. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2416
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:47 pm: |
|
Kurt, I thought it spoke strongly for itself! It is horrible--I thought that was obvious from what you posted. I do not appreciate that you sometimes infer partisan responses that are not there.
I assume from your response that there would be no legitimate chain of custody of the ballots, though you never addressed this directly. So much for any validity of the early voting ballots.
Without a well-documented chain of custody, the fact that they are hand-counted is irrelevant. If this person has such complete control over access and there are no requirements to have at least a log and 2 people, how can anything ever be assured? |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 319
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:47 pm: |
|
No, Kurt. I honestly doubt the silence has anything to do with partisonship. Give it a little time. Since, this is Mother's Day, I bet many of our members and visitors are probably spending time with their Mothers instead of posting on BBV!
Since you are here, check out what Kate Spark of PA had to say about the reaction by the local media and the election officials in her County to the Hursti Report II. Sounds like these election officials are not getting it and are happy to remain willfully ignorant of what they are dealing with regarding the TSx machines and how vulnerable they are. I find the newspapers' decision not to post Kate's response to the news article very telling also. An all too familiar scenario that occurs among local media, election officials and citizens throughout the country.
Any comments on what she had to say about it?
Kathleen
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 398
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:47 pm: |
|
Well, I need to jump in for a moment.
It certainly is ridiculous, regardless of party, but has anyone verified it?
Kurt, can you provide links for verification?
John |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 320
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:49 pm: |
|
Kate,
Welcome to BBV! Thanks so much for letting us know about your experiences in PA after the Hursti Report on the TSx machines was released.
I have to rush out right now, but when I get back I would like to respond to your post and maybe ask a few questions as well.
Kathleen Wynne
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Bev Harris
Board Administrator
Username: Admin
Post Number: 4611
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 1:53 pm: |
|
Kate,
If all they are doing is taping over the memory card bay (without sealing the case of the machine about 10 different ways) then the whole exercise is pointless.
It was somewhat pointless anyway, but here's what has to happen next:
Evidence.
Get evidence.
Somebody needs to get photographs of these machines and exactly what was done to seal the casing -- NOT the memory card slot, the casing.
Evidence, in the form of a written yes or not response from public officials, needs to be obtained as to whether they reloaded the operating system and the software from a pristine version.
Not that that does much good if the bootloader has been contaminated at any time in the life cycle of the machine.
Also -- evidence -- get the serial numbers of every machine in your county and/or in Pennsylvania. That is a public record. We have now identified the serial number block that corresponds to machines delivered to California in 2004 and we have now confirmed that a percentage of the machines delivered elsewhere are throwbacks to the 2004 California serial number block.
The relevance of the serial number blocks is twofold: The longer the machines have been around the more opportunities there have been to contaminate the bootloader -- and remember, that contamination will affect the machine for life.
Also, there was a 100 percent correlation between the Emery County machines with something else loaded on them (no memory storage left) and a specific serial number range. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 263
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 2:10 pm: |
|
John:
Links? The local newspaper won't even print the facts about the Election Director's marriage to the corrupt former elected official. Only insiders even know about it. She continues to use her maiden name, even though she has been married to him since before he was incarcerated. Those who have pointed it out on local talk radio have been bleeped out with the 7-second delay. The local media is "over-the-top" pro-Democratic.
The Reading Eagle (newspaper) does not consider any of it to be relevant. They also touted her "vast experience" as a benefit to the county. That vast experience was as a sales rep for Advanced Voting Solutions (she sold Fairfax Co., Virginia) and later Diebold.
The party of registration of the election office employees is a matter of public record, but not on the web.
That she will do all these things by herself is actually a matter of county policy, and the fact that the only other non-union employee who could also work overtime to observe, refuses to do so. The county will not authorize overtime for union employees. |
Barbara Bellows-TerraNova
Voting Rights Forum Participant
Username: Bellterr
Post Number: 1
Registered: 05-2006
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Sunday, May 14, 2006 - 2:18 pm: |
|
I'm writing from Salt Lake City, Utah, the state where Bruce Funk requested this examination and report.
Yesterday, Saturday, my husband and I went to the Utah Democractic Convention with 100 copies of the report to distribute to state party officials, candidates, campaign managers, and delegates, along with this accompanying article:
The time has come, Democracy said, to talk of many things:
Of Diebold, Funk, Ohio’s Ney,
Of Abramoff buying kings–
And why HAVA cannot matter–
Since the warnings that Hursti brings.
Okay, no more beating around the Bush – this week Utah’s Emery County Clerk, Bruce Funk, is redeemed.
Perhaps you’ve heard of him. His March 23rd announcement that he would not use the Diebold voting machines Lt. Governor Herbert sent him caused an emergency closed-door meeting on March 27th with Diebold, the Emery County Commissioners and Counsel, and Michael Cragun, Elections official from Lt. Governor Herbert’s office – but not Funk.
When the doors were finally opened, Funk was told to use the Diebold machines. Unwilling to accept responsibility for their security, he threw it back on the Commissioners, who later insisted that was his resignation.
This all happened after the March 18 posting at www.blackboxvoting.org of an initial independent evaluation of Diebold’s TSx by Harri Hursti, Finnish computer security expert, and Security Innovation (consultant to Symantec, McAfee and Microsoft), based on their examination of two of Funk’s 40 machines, at his request.
For that, Diebold punished Emery County with a $40,000 fine. Yet none of this was reported by Michael Cragun on April 19, before the State Government Operations Interim Committee, updating the legislature about the voting machines implementation, with Bruce Funk seated nearby.
But this week, the final report from Hursti/Security Innovation is out, again at www.blackboxvoting.org, detailing “multiple backdoors built into the system”, and Bruce is mentioned, with great respect.
Last weekend, Brad Friedman of BradBlog.com, the uniquely diligent investigative blogger, reported that early word on Hursti’s report prompted Pennsylvania voting system examiner Dr. Michael Shamos to force acknowledgement of the problems out of Diebold. Pennsylvania Secretary of State Pedro Cortez then issued a Security Alert for the Diebold machines and a lock down of the equipment before this week’s primary.
The jig is up. Diebold machines, currently creating chaos in primaries, allow voting results to be altered – easily, quickly and undetectably, without passwords.
For several years, computer scientists have warned the technology isn’t ready yet, especially because the vendors’ work harder at securing large contracts than securing election integrity.
Those large contracts have been prompted by HAVA, the Help America Vote Act. Notice it isn’t called the Help America’s Votes Get Counted Act.
In fact, Congressman Bob Ney, of recent Abramoff infamy, was a co-sponsor and author of HAVA, just when Diebold paid $275,000 to Abramoff at Greenberg & Traurig, to push for electronic voting machines in HAVA – with no verifiable paper trail. Meanwhile, Diebold donated heavily to The National Federation of the Blind, pushing accessibility before security.
Compliance with HAVA may be impossible, requiring the disabled to have “the same opportunity for access and participation (including privacy and independence) as for other voters”.
Ponder this: Can a voting system that serves individuals who are blind, also serve those who are deaf, as well as those in wheelchairs, and with dexterity issues? – And without assistance with no chance of someone seeing their votes.
So, HAVA was written with absurd standards by a corrupt Congressman, under the influence of cash from a corrupt lobbyist, paid by Diebold, a company that corruptly sold uncertified software to California for the 2004 election (and settled out of court for $2.6 million), whose machines are revealed to be corruptible – with Bush’s most important election, legacy-wise, only months away.
New York State has demanded and received postponement of its HAVA compliance from the Department of Justice. Utah needs to do the same.
(Barbara Bellows-TerraNova is a working mom whose side-mission it is to know more, and then share it – So, in October 2004 she performed her One Person Patriot Act, "Know Bush: Launching Facts That Shock and Awe" in Salt Lake City.)
Sources:
Initial Hursti/Security Innovation Evaluation, dated March 18, 2006: http://www.bbvforums.org/forums/messages/1954/19673.html?1144430968
Security Innovation clients: http://wwwsecurityinnovation.com/pdf/credentials.pdf , page 11
News of Upcoming Hursti/Security Innovation Report, Pennsylvania, Shamos & Cortez:
http://www.bradblog.com/archives/00002787.htm#More and
http://www.mcall.com/news/local/lehighton/all-1schuylkillmay04,0,7235865.story?c oll=all-newslocallehighton-hed
Hursti Diebold TSx Evaluation, May 11, 2006: http://www.blackboxvoting.org/BBVtsxstudy.pdf
Abramoff/Ney/Diebold connection: http://www.freepress.org/departments/display/20/2006/1702 and
http://www.rollingstone.com/politics/story/9519825/meet_mr_republican_jack_abram off?rnd=1144952282375&has-player=true
HAVA Requirements: http://www.eac.gov/docs/HAVA%20Programs-HAVA%20Use%20Restrictions.pdf
New York Delaying HAVA Implementation:
http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1246&Itemi d=113
Diebold settlement with California: http://www.nctimes.com/articles/2004/11/11/news/state/19_50_1411_10_04.txt and
http://www.diebold.com/news/newsdisp.asp?id=3118
Interview with Bruce Funk 03/31/06 and Present at Committee meeting 04/19/06.
I believe what's essential is to get this information out. Even in Salt Lake, the coverage is extraordinarily limited. But we can change that. . . |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2419
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 2:34 pm: |
|
Hi Barbara, this is outstanding. It is very impressive how you're able to highlight so many key issues with clarity and just a few words.
Keep us posted what kind of response you get. |
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 404
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 2:56 pm: |
|
I agree, Barbara, that's an excellent summary! Best of luck in the fight! |
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 405
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 2:57 pm: |
|
Kurt, if you would email specifics to me at sluggojd@sbcglobal, I'll try to verify it within 48 hours.
ON EDIT - for the record, I'm a Dem, and I will always be a Dem. But this issue should be and must be non-partisan.
John
(Message edited by Bozosforbush on May 14, 2006) |
Kate Spark
Voting Rights Forum Participant
Username: Maroon1
Post Number: 2
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 2:59 pm: |
|
Hi Kurt!
I realize Larry did not choose the machines - I am very well aware our commissioners made that decision. The issue at this moment is not who chose our machines, but how the elections will proceed. I feel Larry is unable to appreciate the problems which may occur. This has absolutely nothing to do with his personal character; it has everything to do with the ability of all involved here to participate in a fair election process. Based on Larry's recent comments, it makes me question whether he knows what is really "going on" with the new machines. And, as you state, I believe he is "repeating what he is told" by the State's Election Officials. But, that also does not address the problems.
I should add, my husband works for a worldwide networking company, in the main computer room of their world headquarters, as a computer operator/analyst, and his concerns over voting in Washington are grave. We intend to exercise our right to address the decisions made in selecting this voting machine on Election Day in November, through careful selection of candidates. If necessary, it will be through the use of absentee ballots.
So far, before Election day, this is what has occurred:
"After receiving a directive from the Pennsylvania Secretary of State, Washington County found through testing that two of its 700 new Diebold AccuVote TSx touch-screen machines had to be fixed to avoid a potential security problem.
Secretary of State Pedro A. Cortes notified counties that purchased the Diebold touch-screen machines last week of a "potential security vulnerability in the system installation and upgrade mechanism" that could allow unauthorized software to be loaded into the system. Larry Spahr, Washington County elections director, said the problems were found during logic and accuracy procedural testing.
"They had the wrong motherboard," Spahr said. "Both were corrected.
Leslie Amoros, spokeswoman for the Department of State in Harrisburg, said Cortes issued the directive "as a proactive step. Diebold notified the department that there was a very low risk of a potential security vulnerability.
"The department issued the directive to ensure all precautions are taken to have a secure and accurate election."
Washington County will be delivering voting machines to the polls and local election officials on Friday and Saturday. State law says the machines are to be delivered no later than 24 hours before the May 16 primary.
Memory card doors on the machines are to be kept locked until unlocked by the local election board.
The slot designed to accept the voter access card for the Diebold system will be sealed with tape, to be removed by judges of election between 6:30 and 7 a.m. Tuesday, when voting begins."
05/10/2006
"Scott Fergus, Washington County director of administration, said the usual 50 ballot inspectors will be replaced during the May 16 primary by 15 election night workers who will be paid $75 each. Majority commissioners formerly had the opportunity to appoint 30 ballot inspectors, while the minority commissioner could appoint 20.
With the advent of electronic touchscreen machines, each county commissioner will be able to choose five election night workers.
The canvass board, formerly numbering 12, will be reduced to nine. Workers, commonly known as the "recount board," who begin their task the Friday after the election, will be paid $50 per day.
Larry Spahr, Washington County elections director, said the canvass board will no longer have to decipher handwriting for write-in votes because write-ins will be cast by touching the screen. The canvass board still will have to record official results for each race in each precinct in a docket and check absentee and provisional ballots.
Washington County elections officials performed diagnostic testing on all 700 of the Diebold TSx touchscreen machines they received. Six machines that were found deficient will be replaced before the primary.
Spahr said one screen didn't work and two machines had no audio capacity. He was unsure about the types of problems encountered with the remaining three machines.
"Six replacements will be sent," Spahr said.
In case of an emergency at the polls, Spahr said, each precinct will be given 50 Democrat and 50 Republican paper ballots. The ballots would be counted by an optical scanner.
05/04/2006
"Susan Ruether, president of the League of Women Voters and a local election board member who has trained in the use of the machine, announced at the beginning of the forum in the Chartiers Township building that the demonstrator model wasn't cooperating.
"The encoder will not let us get into the machine," an embarrassed Ruether told the crowd of the card system that is part of the touch-screen machine.
And although a league member tried repeatedly to activate the device as Democrats Paul Walsh and Jesse White and Republican Paul Snatchko spoke during the hourlong forum, the machine, which was not equipped with a power cord, eventually succumbed to a dead battery.
To cast a vote, each voter receives an ATM-like card encoded for the primary as a Republican or Democrat ballot. A diagnosis Tuesday at the Washington County elections office showed the encoding device was in fact to blame for the hang-up.
"They get bounced all over the place," said Washington County Elections Director Larry Spahr on Tuesday afternoon, noting that the demonstrator machine will soon be headed to Carbon County, in Eastern Pennsylvania, which also has purchased the Diebold AccuVote TSx.
Washington County took delivery of 700 of the machines last week, and none of the newly manufactured models will be used as demonstrators, Spahr said.
Local elections boards, however, will receive two encoders for the May 16 primary so that each precinct has a back-up. On primary day, the machines will be plugged into electrical outlets, and back-up batteries are supposed to allow the machines to be used during an outage.
No one knew for sure where the problem lay Monday night, but the fact that the machine's debut at the candidate forum was inauspicious didn't sit well with some vocal members of the electorate.
"I was very disappointed, but not surprised," said Benita Campbell of Burgettstown, who said the presence of the new voting machine was a big factor in her decision to attend the forum.
"I'm just astounded no one has truly challenged the fact that our voting system has become privatized. The vendor is counting the votes, the vendor knows the source code. I think that is very troubling for our democracy."
Campbell said she plans to cast an absentee ballot in the primary.
Andrew Schrader, a Democratic committeeman from Cecil Township, had attended a previous get-acquainted meeting at Courthouse Square for those curious about the new voting machines.
"I just have questions about it," Schrader said. "What happens tonight is what scares everybody. Everybody has a computer in their home that freezes or crashes.""
04/26/2006
These issues are from only 3 recent articles on the machines. Given the lack of apparent knowledge by our county officials, as indicated in the articles, I feel I have to question the process, no matter who personally is involved.
I am sure these problems could be worse (from all I have read), but adversely, they do not inspire a feeling of trust and security about voting. I decided to post, as people were asking how the counties in PA using the TSX were handling the issues. And unfortuntely, Washington, PA is not a garden party lately. Washington County currently employs a veteran DA being investigated by the FBI, charges unknown by the public. Local officals, local authorities, the police, etc. have been questioned but no further information will be given out on the matter. Community members have recently expressed public dismay and concern over corruption and abuse of authority in our area.
Given the last (or two most recent) Presidential elections, I have little confidence in public officals, and I have major concerns over the voting process here and across the country. |
Kate Spark
Voting Rights Forum Participant
Username: Maroon1
Post Number: 3
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 3:17 pm: |
|
Hi Bev!
Thank you for your instructions. One question for you - if I am not voting in the primary, do they have any right to turn me away from "viewing" the machines, to photograph them?
I have not heard of the casings being addressed as an issue by the officals here in Washington at all. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 264
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 4:02 pm: |
|
Kate,
I think you're right. Larry might be in over his head.
"They" do have a right to turn you away from viewing or photographing the machines in a precinct. Unless you are a voter in that election, the only way you may be in a polling place if you are not working on the precinct election board is if you are carrying a "Watcher's Certificate" which must be issued to you by a candidate on the ballot. If you have one of those, you may be inside the polling place, but may not bring a camera.
There is no way any "unaffiliated" or "independent" person may observe anything in a polling place in Pennsylvania. No out-of-county, out-of-state, or international obervers are EVER allowed, unless they are Department of Justice observers authorized by a court. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 265
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 4:28 pm: |
|
John,
Your email address has no domain suffix.
Kurt |
Kate Spark
Voting Rights Forum Participant
Username: Maroon1
Post Number: 4
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 4:34 pm: |
|
I want to say, if I did not before, "Thank You" to Kurt, Kathleen and Bev, and anyone else as well, for the welcome. I turned to your website in deep frustration after hearing of the Hursti/Security Innovation Report, and the subsequent "lack of a response" from the local paper.
I would appreciate any ideas you may have that can help me obtain this machine information/get photos. I am trying to think of who I know (well enough to ask this of them) who is registered by party, and who would also have the ability to comprehend what in the world I am talking about, lol. Oh that sounds so sad... but true.. Another question: is Westmoreland County using Diebold? I had that information previously, but my old hard drive crashed a couple of week ago and it is on there . I have not yet finished retrieving the data from the drive. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 266
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 4:51 pm: |
|
Kate,
I'll think about the pictures thing. Will a picture of the county office demo unit do? I assume not. You're looking for "real world" stuff, I'd guess. Maybe in November.
Westmoreland is NOT using Diebold. They are using the ES&S iVotronic. That might be better; it might not.
For a comprehensive Pennsylvania map, see:
http://www.dos.state.pa.us/voting/cwp/view.asp?a=1218&Q=446365
Kurt |
Kate Spark
Voting Rights Forum Participant
Username: Maroon1
Post Number: 5
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 5:18 pm: |
|
Kurt,
Thanks for the map, it is greatly appreciated. I am wondering if a cell phone with picture capability would do the trick for photos. I cringe to think of waiting until November. We have "supposedly" brand new machines here right now. It would be better, in my opinion, not to have to wait. And I have little precious time to find a way to accomplish anything before the primary in two days.
Our 3 commissioners chose Diebold ONLY as a cost issue over other systems. Unbelievable - cost! If anything goes wrong on Tuesday, I hope the public is aware of their part in making these decisions. I feel they made the worst possible choice. I have never spoken with Larry personally - my husband and I have been expressing our concerns to the commissioners and the local media. We started in on the issue long before the Hursti report came out, but we got nowhere. Trying to accomplish anything or find out anything in Smalltown PA, that goes against the current community edict, is like pulling teeth. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 267
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 5:28 pm: |
|
Kate,
_Some_ people on this site seem to have a hard time believing that "the majority" of people aren't concerned about this issue. I take from your tone that you are becoming quite frustrated about this? Can you confirm for some of the readers of this site just how "sheeple"-like Pennsylvanians can be? It seems getting anyone aroused by electronic voting has to get in line WAAAAY behind property taxes, the legislative pay raise, $3 gas, "The Stillers'" draft choices, abysmal pay increases, job outsourcing, and about a million other things. Those of us who care about this issue are a rare breed indeed in my experience here. And I used to DO the job Larry does for Washington Co., here in Berks. No one seems to care, and I don't know fully how to interpret that. |
John Dean
Frequent Voting Rights Forum Participant
Username: Bozosforbush
Post Number: 407
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 6:05 pm: |
|
LOL, I knew I needed a nap.
sluggojd@sbcglobal.net. |
Samuel Scharff
Voting Rights Forum Participant
Username: Abacus
Post Number: 32
Registered: 08-2005
Best of Black Box?
Votes: 1 (A keeper?) | | Posted on Sunday, May 14, 2006 - 6:17 pm: |
|
Why people don't see?
An interview
Cesca: why is it so unthinkable that machines can be manipulated to influence the outcome of a presidential election?
Miller: Because it can't happen here. That's the creed we're up against -- a creed based on an absolute estrangement from the wisdom of the Framers. The republic's founders understood that "it" can always happen anywhere, including here. That, indeed, is why they had the wit, and took the trouble, to devise our system with its checks and balances. They would have been amazed that anyone could be naive enough to say that "it can't happen here." As that notion is based not on reason or on history but on ideology, it doesn't matter if the risk is wholly plausible--not even if you have a wealth of evidence to make the case that it has happened here. In fact, resistance to that case seems to grow more intense the stronger it becomes. It's a faith-based notion, and so evidence and logic by themselves cannot dislodge it. The only way around the problem is to give up merely arguing with those who keep refusing to believe it, and to take the case directly to the people, insofar as that is possible. I think the people grasp that what has happened here has really happened here. It's those who have a strong material and psychological investments in the status quo--politicians, media types--who won't accept reality.
A Conversation With Mark Crispin Miller
HuffPo 12/12/05 Bob Cesca
http://www.huffingtonpost.com/bob-cesca/a-conversation-with-mark-_b_12134.html
Regards |
Kate Spark
Voting Rights Forum Participant
Username: Maroon1
Post Number: 6
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 6:19 pm: |
|
Kurt,
Bah, Bah... it is so true, sadly so. I am not originally from PA, my husband has lived here all his life. I am from RI and New Englanders are a world away from Pennsylvanians. When I moved here, my husband said, "Welcome to PA. Set the clock back 200 years". And, he was correct.
Everyone here is "go along to get along", everyone is so "nice". One time, a comment in the paper criticized the Town Treasurer, who was the wife of the Mayor (both in office together, huge financial mess). Reader after reader furiously wrote in to respond "how dare they criticize her, she is my friend, she is my neighbor, she is the Mayor's wife... she is so NICE". The "critic" was assessing her inability to perform her job even adequately. The "critic" had not attacked her as a person. People lost their minds. This is the mindset here, folks.
I have grown a mild aversion to the word "nice" since moving here. It is overused and overrated. They are not "that" nice - they are truly sheeple. They are all still drinking the Kool-Aid, seriously.
I was always a Democrat, but I do not party affiliate; I am moderate. I choose individuals, usually Democrats. I grew up in a hugely Democratic, Catholic dominated state, bordered by other hugely Democraict states. I know Democrats when I see 'em. The Democrats here are like "little Republicans in disguise"; they vote traditionally Democratic as their parents did. Their parents were often blue-collar, union workers or farmers. They do not want to "violate" the family party. But these Democrats are a strange new breed to me; they espouse many values of conservatives/Republicans, are very Faith-Based, and are almost always pro-life and pro-gun, the "hot button" issues. Not tring to get into partisan politics, but I am trying to explain the people here.
This explanation, hilariously enough, was provided to me by a commissioner, who I asked one day to help me with my confusion over why these Democrats were so far removed in theory and practice from those I lived around all my life.
The local paper will deny partisanship, but it is very Republican, in a "Democratic" town. Go figure. I still do not get it somedays, and get very frustrated, especially over important issues.
In PA, the issues are exactly and all of what Kurt stated, just add in "Seniors" issues, Medicare, Prescription Drugs, Health Insurance, Farming/Argriculture, Poor Roads and Bridges, and WEATHER! Weather is the biggest deal here than I have ever witnessed elsewhere. Steelers Football is GOD.
Trying to engage someone in a conversation on National Issues is pathetic. Often many do not have a clue what you are talking about and many could not care. If they do care, they always possess what to me is a radical view. Yet, they view me as the radical, because I dare take on issues, or "complain".
I am one of the only mothers in the school district who will dare take on the school. We had a recent "beating" in the high school - brass knuckles were used, a clear weapons violation under state and federal law. I could not get the paper to report on it, so the community was not informed of the event. It was not in the Police Report in the paper. It was not reported, so far as I have been able to ascertain, to the Dept. of Ed. It is a "stick your head in the sand" issue. The boy who got the "beating" was related to the Mayor and a school board member. You would think they would make a big public deal out of it, but no. Not a word has been spoken. I am the only parent demanding openness on violence in our schools. We need serious change before situations escalate.
I hope these examples, though a bit far from the original subject matter, help to demonstrate why people around here could care less about the voting machines. Only those employed in the tech sector have spoken up (and have been soundly quashed) on the issue. My husband and I are in the vast minority here who agree with this website.
I hope this explains a bit why people here are not "involved" and seemingly, do not care. They truly do not see it as a problem at all. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4612
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, May 14, 2006 - 7:52 pm: |
|
Thank you to all, and Kurt -- thank you for providing your insights on Pennsylvania. I am just coming up for air for a sec. -- have another report coming out shortly. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2428
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 12:17 am: |
|
I have never underestimated the degree of apathy and unawareness in the general public. A prolonged media-imposed entertainment stupor is one problem, but not the only problem. A distance from elected representatives and from meaningful participation in locl-level decision-making is another part of the problem, and that we are "educated" (brainwashed) to submit to authority without question. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 269
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 4:21 am: |
|
Catherine,
Here we are less than 24 hours from our Primary, and the only voting most people care about around here tomorrow is American Idol phone voting. |
Adam Stiles
Voting Rights Forum Participant
Username: Ajs726
Post Number: 1
Registered: 05-2006
Best of Black Box?
Votes: 2 (A keeper?) | | Posted on Monday, May 15, 2006 - 5:22 am: |
|
I'm from Great Britain, where hand-counted paper ballots are still used. Frankly, it amazes me that anyone would think it legitimate to elevate anything, least of all a corporation's right to keep secrets, above the integrity of the democratic process.
Every single aspect of the election process must be absolutely open to public scrutiny, otherwise there is no democracy.
It's for this reason that I think mandating Open Source software, while it is a noble aim, does not go far enough. Anyone can examine it, but only a minority of people -- competent programmers -- can gather any useful information from examining it. Yes, a programmer might be able to see from the Source Code that a voting system is tamperproof. But to anyone but a computer scientist, Source Code is next to meaningless; a message, written in a strange language, and said by speakers of the language to constitute some sort of guarantee.
I believe that all technology used in the course of an election should be comprehensible to a school leaver with passing grades. Anything less harms democracy, by making it harder for the general public to understand how the system is absolutely immune to interference.
Josef Stalin was reputed to have said "Those who cast the votes decide nothing, those who count the votes decide everything". This is why the counting of the votes must be done in the open, so that those who cast the votes can see that the votes are counted correctly. If only scientists of a particular discipline can understand the process, then there is less openness. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2434
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 5:33 am: |
|
Hi Adam,
To add to your point about Open Source, (I agree that it's not a solution for the reasons you mention--it can't be "observed" by those who are not programmers), the recent Hursti II Report revealed that the OS and bootloader vulnerabilities would make the integrity of the voting machine programming completely irrelevant. Both the Windows CE and--even more seriously--the bootloader have vulnerabilities that would override the software program. It would be impossible to ever be certain that a voting machine had not been compromised.
It's like using ballot boxes with several unlockable trap doors. There's no way to ever know what, if anything, is in the secret compartments behind the trap doors, and no one can ever prove conclusively whether votes had been added, removed, or left untouched. |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 321
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 7:08 am: |
|
Adam,
quote:it amazes me that anyone would think it legitimate to elevate anything, least of all a corporation's right to keep secrets, above the integrity of the democratic process.
Welcome to BBV!
It amazes me too. I agree with everything you said. Imagine, corporations are given the right, in America no less, to keep secrets from citizens when it comes to the democratic process? Such absurdity is the only transparent part of the election process we presently have, IMO.
Despite all the evidence to the contrary, why is it that millions of Americans and a majority of election officials and politicians still believe the machines are just fine and think hand counting our votes is more vulnerable to manipulation and, therefore, cannot be trusted!
Have the colonies gone insane? England seems to have a more transparent election process than America!!
Kathleen Wynne
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 322
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 7:51 am: |
|
Catherine and Kurt,
Kurt said:
quote:I hope this explains a bit why people here are not "involved" and seemingly, do not care. They truly do not see it as a problem at all.
Catherine, I agree with your analysis to Kurt's post. However, I think another reason citizens don't participate in the process is because they are intimidated by these machines (even those who don't immediately submit to authority figures). They feel unqualified to participate in the election process with any confidence because they simply don't understand how to oversee a voting machine in a way that qualifies as meaningful citizen oversight. It's more like citizen watching because the process has been rendered so non-transparent and in most cases obstructed, they don't even know what it is they're watching.
Introducing technology into the election process is akin to that analogy where a frog is in a pot which slowly begins to boil and the frog doesn't realize he's about to be cooked until it's too late.
Voting machines have slowly but surely been boiling transparency and citizen oversight right out of the election process altogether. We are definitely at the boiling point.
Kathleen
(Message edited by admin_ii on May 15, 2006)
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 222
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 8:46 am: |
|
The question I have been asking is; "Did the SAIC report find this security hole?". Well, I was asking the wrong question. Instead I should have been asking about both SAIC and RABA. Page 19 of the RABA report:
http://www.raba.com/press/TA_Report_AccuVote.pdf
3. Load a PCMCIA card with an update file. The PCMCIA card can be used to update
the software on the AccuVote-TS terminal. This can be done by placing a PCMCIA
card with an update file into the terminal and rebooting the terminal. The update file
allows an attacker to overwrite any file on the system. Furthermore, by using this
technique an attacker can install his ow n version of the ballot station software giving
him the ability to completely invalidate all the results on that terminal. If he
compromises the AccuVote-TS terminal used as the accumulator 25, he can
compromise the entire precinct results.
This report is dated Jan. 20, 2004 and all security issues identified in this report were supposed to have been mitigated, as I recall. It is apparent that Diebold did not care to fix their problem then. Why are we to believe they will fix it now? |
Kate Spark
Voting Rights Forum Participant
Username: Maroon1
Post Number: 7
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 9:06 am: |
|
Good Morning/Afternoon!
I have a couple of questions regarding our machines for tomorrow's primary.
So far, I am unsuccessful on finding a way to (at the very least) "view" the machines and the casings. But, I would like to know where to ask for a copy of the documents recording the serial number information? Is that done through State Elections officals? I would prefer asking them, as the list would be comprehensive for the state (I would hope), not just the serial numbers from Washington County, if I requested information locally.
""Oddly enough, Diebold sent Washington County five TSx units set up for a voter-verified paper audit trail, a device that hasn't been certified for use by the Pennsylvania Department of State. "
One other thing I have learned, that was queried by Glenn in a previous post... We have also received machines that were not what we ordered, different in that they have the VPAT. I believe we have 5 of them, too.
However, the state does not certify these machines for usage. Right at this moment, I have no way of knowing if they will be used tomorrow. As per the quote below, is simply disabling the VPAT then making the machine "be in compliance" as a certified machine under my states laws? Or should these machines not be used? If they are used, have they then been "legally" certifed by PA, and what, if any, would the implications be?
"Advocates of the paper audit trail have been quite vocal in their support of a VPAT system, but optically scanned ballots are the only type the state has certified."
"Any machines with VPATs must have that system disabled before the voting machine is used in an election. The Department of State has expressed a concern that what are supposed to be secret ballots could be traced to the voter." |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 778
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 9:12 am: |
|
Kurt's posting of Posted on Sunday, May 14, 2006 - 01:12 pm:; well, let's hear for this aspect of PA election laws/codes,that they handcount all absentee ballots. Requiring such in CA would bring such a cry of outrage from the local election officials,citizens of PA would hear them. Especially since almost 40% of all votes cast are by early/absentee ballots.
And it's amazing that -at least in San Diego,CA- the ROV absolutely relies on Diebold technicians to program both opscan and DRE's but that all the PA election officials manage to do it on their own;hmmm. |
Adam Stiles
Voting Rights Forum Participant
Username: Ajs726
Post Number: 2
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 9:14 am: |
|
Well, if voting machines were to be running Open Source software, they would have to be running 100% open source software. That's an open source bootstrap loader {LILO or GRUB}, an open source operating system {GNU/Linux or BSD} and an open source application stack. I think such a setup would be acceptable for a ballot of competent programmers.
I have actually designed a voting system, based the British system. It's a direct-recording electromechanical device {so no recounts are possible} which doesn't use any principle which a school leaver would not be able to understand {assuming passing grades in maths and physics}.
The lack of an audit trail is mitigated somewhat by the machine's design. As long as the Presiding Officer is exercising due diligence, an uncounted vote can always be spotted. The faulty machine can then be withdrawn from use, put into a mode in which it will accept no further votes without being unsealed and reset, and replaced with a spare; all within a minute or thereabouts.
No software is used at all, and the human interface is adaptable to various disabilities. Note that in the UK, a disabled person is entitled to bring an able-bodied carer of their choosing {and so presumably whom they trust with their vote} to the polling station with them.
Anybody interested in a fuller description? |
MH
Voting Rights Forum Participant
Username: Runner2
Post Number: 1
Registered: 05-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 9:51 am: |
|
May I ask if the Black Box Voting Organization is giving any consideration to publicizing the Smart-Card security hacking issue, described here in an earlier post, just as it has publicized the chain-of-custody hacking issue?
Given tens-of-millions of voters and thousands of poll workers have direct access to the smart-card data read/write device on Diebold voting machines across the U.S., this is at least as critical a security issue as the chain-of-custody issue!!
At the very least, poll worker across the U.S. should be notified to watch for unusal card handling activity as voters and other poll workers use the voting machines. |
Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam
Post Number: 779
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 9:53 am: |
|
Posted on Sunday, May 14, 2006 - 09:04 am: by Kathleen
"If it can be proven by the ITA's that Diebold never disclosed this feature to them, then doesn't this call into question whether this omission was intentional and therefore calls into question its intended purpose?"
Per the 1990 FEC standards-I have to check the latest EAC/FEC 'guidelines'-the vendor is REQUIRED to disclose all vulnerabilities to the ITA's who are supposed to test them and report such to the election officials. I think there is enough proof from the ITA testimony to indicate Diebold violated the 1990 -at the least- FEC standards. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 271
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 10:43 am: |
|
Bruce,
I can give you a little insight on why we count absentees by hand. We have a very low percentage of absentee ballots, unlike many other states.
We are an "excuse required" absentee ballot state. You may not get an absentee ballot merely because you prefer to vote that way. You must either be away from your municipality all day on Election Day, or you must have a disability or infirmity that makes voting at the polls unduly burdensome. If someone in good health is seen in his municipality on Election Day, his absentee ballot may be challenged and voided.
The typical precint tomorrow will have 2-6 absentee ballots. In a Presidential November, that balloons to maybe 50+ per precinct on average. If we had "no excuse" absentees, we'd probably get scanners, too. Both would require legislation. |
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 272
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 10:49 am: |
|
Bruce,
Also, do not give too much undue credit to PA for having its ROV's, or E.D.'s, program the machines.
I believe the "plan" was for the vendors to do it initially here also. For the other vendors, they may still be doing it. The "old DRE" counties (Danaher, Sequoia Advantage) definately do their own with some guidance from vendors for technical questions. Diebold, to their partial credit, recommended that counties do their own programming when the security alert came out.
Now if it really went down that way....
For all I know, ES&S may still be doing it for their counties. |
Bev Harris
Board Administrator
Username: Admin
Post Number: 4635
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 12:10 pm: |
|
John Gideon:
I don't know. Perhaps the state voting machine examiners and the scientists should be asked why they never checked.
It appears that now, after Avi Rubin and Doug Jones both said "this is new" to the New York Times and other publications, they are now saying "this is old."
Since they've all read the RABA report and the SAIC report, one wonders why they changed their tune on this.
I simply forwarded their messages to Hursti.
This is an excellent idea for why citizens should never, never, never trust a group of scientists to design, oversee or decide public policy on voting machines.
They didn't know. They knew but forgot. They never looked. They can't remember.
All the while, they are saying to keep on using those touchscreens. Way to go, guys.
New mantra: Who knew what and when? |
Kathleen Wynne
Moderator
Username: Admin_ii
Post Number: 323
Registered: 08-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 12:25 pm: |
|
It's up to citizens to decide who's bull******* and who's not regarding the Hursti Report II.
Kathleen
* * * * * *
* * * * * *
* * * * * *
* * * * * *
TRIPLE PROTECTION FOR ELECTION 2006 - STARTING NOW:
(1) Use Freedom of Information, public records requests ("All American Paper Chase")
(2) Try Dumpster Diving for Democracy
(3) Candid America Project - Don't leave home without your camcorder
HOW TO DO IT: http://www.bbvforums.org/forums/messages/6/6.html
|
V. Kurt Bellman
Frequent Voting Rights Forum Participant
Username: Formerelecdir
Post Number: 275
Registered: 04-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 12:32 pm: |
|
Kathleen,
"It's up to citizens to decide who's bull******* and who's not regarding the Hursti Report II."
Yes it is. But my question is, "And do what with it?" March in the streets? Carry signs on overpasses? I'm not making fun of people who do that, but does it accomplish much, especially in the short term?
This is a long slogging battle. No one will be able to declare victory any time soon. People need to know there are very few easy or quick answers. This will be a battle of attrition. It may never be the kind of thing where election reform advocates can go have a "we won" party.
This journey is not for the faint of heart or weary of spirit. Be prepared for setbacks and advances. |
Robert Sawdey
Frequent Voting Rights Forum Participant
Username: Rsawdey
Post Number: 129
Registered: 01-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 12:46 pm: |
|
You've said enough for me, Adam... if it's neither recountable or auditable it's unacceptable... Especially since it's based on a mechanism whose correct functioning can't be observed, and whose design is only understandable by 'experts'. Do some reading in the forums here which discuss system designs... |
Brant Lamb
Frequent Voting Rights Forum Participant
Username: Brantl
Post Number: 563
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 1:10 pm: |
|
Regarding a post of Jim March's previously: If you boot a system from a known-good CD you can eliminate threats for everything except the BIOS and whatever construction has been made of the CPU resident microcode. The BIOS threat would remain the most cogent to doing anything except making the machine fail to function at all. (The CPU resident microcode is essentially the code that tells the processor how to decode numeric instructions and then execute them, much to fine to create the type of problems that you'd use to crook an election without other level support.)
If the boot sequence is set to try the CD before the other machine resident hardware, and we're talking about the on-disk loader for the OpSys, this lets you get ahead of that. If you're talking about the bios bootloader, then you're still stuck. Interesting distinction, isn't it? |
John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon
Post Number: 223
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, May 15, 2006 - 1:23 pm: |
|
Bev,
Doug Jones was the first who asked about the SAIC report. He has clearly never read the full report. In fact, he is being a lot more vocal against Diebold than are some of the other computer scientists.
I suspect that many are looking at this issue as if it was just another security problem with some software/firmware and not that it is something far worse than that. They are being far too conservative in their thinking. I do not believe that Jones can be included in that group. |
| | |
