Black Box Voting : Fourth of July Fireworks: Unredacted Hursti reports, photos released

Forum Navigation
  Topics
  Log In
  Log Out

Forum Search
  New Today
  New This Week
  Advanced Search
  Tree View

Forum Account
  Edit Profile
  Register
  Forgot Password
:
Forum Tools
  Help/Instructions
  Policies

  ...

Fourth of July Fireworks: Unredacted ...

Black Box Voting » Latest Investigations from Black Box Voting » Fourth of July Fireworks: Unredacted Hursti reports, photos released

« Previous Next »

Author

Message

Bev Harris
Board Administrator
Username: Admin

Post Number: 5332
Registered: 12-2004

Best of Black Box?
Votes: 28 (A keeper?)

Posted on Monday, July 3, 2006 - 2:36 pm:

* * * * *

"We're counting the votes. Get over it."

Be part of the solution: Please sign up for the NATIONAL HAND COUNT REGISTRY: Go to Home Page - Hand Count Registry is right above lead story

Make November elections the biggest evidence gathering action ever. EVIDENCE = videotape, audiotape and photos. Come prepared. This time, focus on the COUNTING not just the voting.

Joseph Hall
Voting Rights Forum Participant
Username: Joehall

Post Number: 100
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, July 3, 2006 - 4:41 pm:

Michael W Mather
Voting Rights Forum Participant
Username: Gypsy

Post Number: 63
Registered: 07-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, July 3, 2006 - 5:23 pm:

(From admin - link below is now fixed)

Bev,
Great 4th of July 'Fireworks.'

Note that some of the links to the photos have a problem; they lead to a "Not Found" page.
This one for example:
http://www.bbvdocs.org/diebold/tsx/tsx-side-view-with-button.jpg

Thanks.

Bev Harris
Board Administrator
Username: Admin

Post Number: 5335
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, July 3, 2006 - 7:30 pm:

On the motherboard (b1 b2 b3 b4) substitute jpg for JPG.

I'll troubleshoot the others tomorrow. Spilled coffee on my laptop and had to run it in to the repair shop, will re-upload from the office computer.

Sorry 'bout that.

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 235
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, July 3, 2006 - 7:45 pm:

Thanks for doing this. A lot of us have been waiting for this to happen.

Also, the report is on the TSx but does all of this also affect the TS-R6??

Bev Harris
Board Administrator
Username: Admin

Post Number: 5338
Registered: 12-2004

Best of Black Box?
Votes: 1 (A keeper?)

Posted on Monday, July 3, 2006 - 7:50 pm:

The motherboard on the TS-R6 is very different from the TSx motherboard. So is the source code, so is the case.

That being said, many of the weaknesses are the same. The delivery mechanism may differ.

You can find out a lot about the use of the JTAG connections by searching for the word "JTAG" in the source codes and memos. The source code for the TSx is called Wildcat and the source code for the TS-R6 is in the AccuTouch set of files from the cvs.tar directory.

I also recommend searching for the terms "SD card" and "SD/MMC" and "IrDA".

John Gideon
Frequent Voting Rights Forum Participant
Username: Johngideon

Post Number: 236
Registered: 12-2004

Best of Black Box?
Votes: 1 (A keeper?)

Posted on Monday, July 3, 2006 - 7:51 pm:

Diebold claims that one of their accessibility features is that the core unit can be removed and set on the lap of a voter who is in a wheelchair.

That's great except that there is no extension cord from the core unit to the vvpat printer so when the core unit is removed the vvpat does not work.

In other words that accessibility feature cannot be used in any state that has a required vvpat.

Bev Harris
Board Administrator
Username: Admin

Post Number: 5339
Registered: 12-2004

Best of Black Box?
Votes: 1 (A keeper?)

Posted on Monday, July 3, 2006 - 8:14 pm:

You have to have the core unit seated in the case to use the printer. (See photos). The core unit (the "tablet") is dark gray, the case is light beige. The VVPAT printer is actually seated in the case, and the only way I know of to use it is to seat the gray tablet in the case.

So yes, John, right on. When the tablet is brought to a disabled voter by removing it from the case, the VVPAT is eliminated, thereby achieving two things:

1) Discriminating against the disabled voter

and

2) Ruining the audit trail. Why? Suppose you have two voters that use the touchscreen outside its case and there's no VVPAT for them. Suppose you have only one vote separating the candidates. (This happens more often than you think in small local races!). You are missing two paper audit trails, and you will not be able to do a meaningful recount.

And, as an added sucky bonus, if just one disabled voter uses the tablet without the VVPAT, you can identify their vote, thereby removing voter privacy and discriminating against them in two ways at once.

Phil McCracken
Voting Rights Forum Participant
Username: Phil_mccracken

Post Number: 21
Registered: 01-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, July 3, 2006 - 9:58 pm:

Does everyone know how many counties had machines taken home in California? The answer is 56 counties (the two smallest counties in California have all-mail balloting). Why is this such a new issue to many, since this has occurred with ballots being taken home by poll workers for over 40 years?

I guess San Diego County was the only county in the US running an election this year...

Amazing...

I have a question for EVERYONE: Let's try and design a solution to this "issue." What would YOU recommend as the process for taking equipment, ballots and supplies to the polling places...to protect the chain of custody and the potential for fraud? This should be good discussion...I hope.

Bev Harris
Board Administrator
Username: Admin

Post Number: 5340
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Monday, July 3, 2006 - 10:50 pm:

Phil: You may post that discussion in the General Discussion area, and it will make for a fine discussion. I'm sure that step one would be to eliminate use of a Diebold TSx system with no security on the case which contains a JTAG connection inside allowing anyone with access to gain permanent control of the machine -- with no forensic test possible find out if the machine has been contaminated.

California elections officials were told by Diebold that the TSx was secure. The machine is not only insecure, it is perilous to the republic.

The real question is: Did Diebold disclose this to the elections officials when they sold the system? Did they represent it as secure? Did they fail to warn?

The real questions continue: Why was the system designed this way in the first place? With half a billion in taxpayer funds spent on Diebold, when will we put these questions to the programmers who designed the system? We should not be asking the PR guy, we need to put some tough questions to the programmers themselves, under oath.

The real questions are why, after this information was provided to the secretary of state of California, the EAC, and dozens of others, did they not take appropriate steps to protect U.S. elections?

The real questions are why did it take two 50-year old women to bring a guy here from Finland to tell us the truth -- and why, when the truth was revealed, was the problem not addressed appropriately?

It's okay to say the "C" word.

Corruption.

Barbara Bellows-TerraNova
Voting Rights Forum Participant
Username: Bellterr

Post Number: 13
Registered: 05-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, July 4, 2006 - 11:02 am:

Let's hear it for the 50-year-old woman!!!

On the 4th of July, who better to celebrate, than a woman who believes democracy is worth doing!

Thank you, Bev.

From a 54-year-old woman.

Joseph Hall
Frequent Voting Rights Forum Participant
Username: Joehall

Post Number: 101
Registered: 01-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, July 4, 2006 - 11:28 am:

The TSx should still be functional if it is unplugged, right? What (besides the damn thing being cumbersome) would preclude walking the whole unit (core, cradle, vvpat, etc.) out to a disabled voter? Just wondering if the "cumbersomeness" is the only deterrant from just taking the whole thing somewhere...

Bev Harris
Board Administrator
Username: Admin

Post Number: 5346
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Tuesday, July 4, 2006 - 2:38 pm:

the links are fixed, and I have added another couple dozen photos (linked into original post, starting from Misc 12 on)

There are about 50 more pics still to upload.

Kathleen Wynne
Moderator
Username: Admin_ii

Post Number: 437
Registered: 08-2005

Best of Black Box?
Votes: 2 (A keeper?)

Posted on Tuesday, July 4, 2006 - 9:46 pm:

Even if the vendors and the ITA's did follow the procedures BBV has declared necessary -- and did so publicly with proper citizen oversight -- in order to mitigate the glaring, security flaws inherent in the Diebold TSx touch screens in time for the November election, we will still be at the mercy of experts having to tell us whether or not the procedures were done correctly and then trust them to declare whether each voting machine is clean of malicious code. Will any citizen, without a computer background, have the ability to oversee this process effectively? If not, who will be overseeing this process throughout the country?

I don't think anyone can argue now that with all the hard evidence brought forth by BBV proving the many and varied security breakdowns at every level of our election process, that we need to start over. No band aids this time around please! First, if this is to be done right, it would require us taking trust totally out of the process altogether.

To begin the process of reclaiming our elections, BBV has also been proclaiming for some time now that citizens must demand and get ASAP a public, televised hearing, of the person or persons who designed the software architecture in the Diebold voting systems, answering questions under oath explaining why they ever designed such a flawed architecture riddled with redundant security holes and who approved it. The photos show the software architecture was intentionally designed this way. We have a right to know why. The answers we are given will guide us in deciding how to protect against this sort of thing from ever happening again. Furthermore, this hearing should also include all the vendors, the ITA's, NASED and state examiners (past and present). No more speculation about who did what, when and why. Waste of time and accomplishes nothing.

Another thing we shouldn't continue to trust and should make certain doesn't fall through the cracks -- We shouldn't assume that the other voting systems being used are safe and secure. So, we ought not be shy about demanding the same kind of independent testing be done on them, as was done on the Diebold voting systems. Why should we trust them to be safe and secure? The same ITA's and experts certified them. We need to know whether they also failed to examine certain components in these other systems and whether there are any hidden back doors open for business in them as well.

We cannot afford to compromise on taking these initial steps in letting go of trust in our elections process, if we are ever going to install and maintain a clean version of one. One designed to stop corruption before it starts and one that puts citizens in charge of a process designed for them to be able to effectively oversee and manage. No Ph.D. or computer background required. Only citizenship.

Kathleen

Bruce Sims
Frequent Voting Rights Forum Participant
Username: Ubetchaiam

Post Number: 838
Registered: 06-2005

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, July 6, 2006 - 10:39 am:

To Joe Hall; I cannot speak except to that i observe in San Diego; the TSx's are mounted on a stand and tape is placed from the stand to the machine.
The stand is about 3 feet high,square, with what looks to be white plastic covering(the type of plastic used for trash bags)it and then tape holding everything in place.
So taking such curbside would be tough; it would be even tougher to undo the tape that attaches to the machine and stand, take the machine curbside,then bring it back in onto the stand and tape it all back together again.

Phil McCracken
Voting Rights Forum Participant
Username: Phil_mccracken

Post Number: 22
Registered: 01-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, July 6, 2006 - 2:29 pm:

Hey Bruce:

Ever see a TSX up close? There is no tape, not even for taking the unit out to the curb! You are correct in saying the unit is "seated" in the base unit." But there is no tape....

Bev Harris
Board Administrator
Username: Admin

Post Number: 5362
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Thursday, July 6, 2006 - 3:49 pm:

Phil,

I was going to ask about the tape, but Bruce Sims says he observed this. So rather than saying "there is no tape" I'd like to ask him to clarify what he saw.

I find Bruce to be someone who tends to speak with precision, and I want to hear what he has to say on this.

Robert Munyer
Voting Rights Forum Participant
Username: Munyer

Post Number: 29
Registered: 12-2005

Best of Black Box?
Votes: 3 (A keeper?)

Posted on Friday, July 7, 2006 - 5:57 am:

I haven't read the newly released information, but I've read the announcement above. I want to suggest one clarification/correction. I agree with the explanation of the problem, but I don't agree that the proposed "proper mitigations" would actually solve the problem.

Bev Harris wrote:

quote:
The "official" bootloader needs to be sent to the ITAs for examination, as well as provided to state voting machine examiners.

Are these really the right people for the job?

The job, if I understand correctly, is something like this: examine one copy of a piece of voting machine software, and certify that it contains no back doors or exploitable defects.

I submit that the people you mentioned above are the worst possible candidates for this job. They have a long and ignominious track record of repeatedly examining grossly unsafe voting systems and then certifying them as safe.

So, who can do the job?

Computer security experts?

Consider the "Berkeley report" which followed Hursti I. It was written by world-renowned computer security experts, and they found many vulnerabilities. They also included this important disclaimer:

quote:
One concern, however, is that these are just the bugs we were able to find; there are quite possibly others we did not notice, and that automated bug-finding tools (which are always imperfect) would not notice either. Code review is difficult. It is hard to be confident that one has found all bugs [...], and if we used another tool or if another person were to examine the code, they might find other vulnerabilities.

I expect that any real computer security expert would give you a similar disclaimer. Notice that the presence of such a disclaimer means that the report could not be used to certify the absence of back doors, even if the authors of the report had found no bugs at all.

What about someone like Dr. Dill? His "day job" involves verification of computer hardware and software, and he's been doing research in that field since the 1980s. Surely he would be qualified for this job?

Yes, Dr. Dill's field of expertise can be appropriate for this sort of job. He can analyze a system and certify that it does what it's supposed to do. But if you were to present him with this particular job (analyze a voting machine boot loader) he would give you some very important disclaimers which, much like the Berkeley disclaimer above, would prevent you from using his analysis of the boot loader as a reason to trust the actual voting machine.

His disclaimers would probably include sentences like "If you want to be able to trust the output of the application program, you'll have to verify everything: hardware, boot loader, firmware, operating system, application program, data files. Verifying only the boot loader won't really help." and: "You can't just take a typical modern software system (big, complex, sloppy) and verify it. Instead you generally need to redesign it for verification, and reimplement it, usually from scratch."

If Diebold would redesign all their software from scratch, and produce only perfect software which has no bugs and can be formally verified, would that solve the problem? Not really. Even with perfect new software, there still wouldn't be any good way to verify that the individual voting machines are running the good new software and nothing else. Even if everyone in town would show up to watch the election officials while they install the new software, the people wouldn't really be able to see the software that's being installed. They would only see a voting machine being hooked up to another computer. Why should they trust that other computer? You end up just moving the problem to another computer, instead of actually solving it.

My recommendation:

I don't think you should refer to your suggested procedures as "proper mitigations" which would allow the machines to be considered "trusted." Instead, I think you should do what the Berkeley team did: refer to these suggested procedures as "Short-term Mitigation Strategies for Local Elections" and state clearly that "in the longer term, or for statewide elections," stopgap solutions will not suffice, and real solutions must be implemented.

Bev Harris
Board Administrator
Username: Admin

Post Number: 5365
Registered: 12-2004

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, July 7, 2006 - 7:40 am:

Robert,

I agree with the input you just provided. You're right!

And thank you.

Bev

Mike Myhre
Voting Rights Forum Participant
Username: Mike_myhre

Post Number: 91
Registered: 02-2006

Best of Black Box?
Votes: 1 (A keeper?)

Posted on Friday, July 7, 2006 - 8:03 am:

The art of finding bugs in software has been explained with the pearl necklace theory. When a pearl necklace is broken, the pearls scatter everywhere. The first pearls are easy to find. As time goes on, and you keep finding more pearls, the time between each find gets longer and longer. You can theorize by the rate at which you are finding pearls how many are left.

In electronic voting machines, it appears that many pearls were intentionally added to the collection. We can judge by how many bugs/security holes that have recently been discovered, that there are many more still there as Robert and the Berkley report stated. In software, often the fix for one bug introduces other bugs so just because you have plugged one security hole, doesn't mean another door hasn't opened somewhere else (either accidentally or purposely).

The point I am trying to make is I don't believe we will ever be bug free or know all the flaws that lurk undiscovered. If our goal is to make computers perfect without auditing, we will forever be chasing our tail hoping we are 'almost there'.

If computers are to be used in ANY area where accuracy is required, they must be audited. Rather than strive for perfection in every link of the chain, with no way to verify it (or the existence of flaws), simply audit the process from start to finish and the problems will become self evident.

Saul Iversen
Voting Rights Forum Participant
Username: Malachite

Post Number: 1
Registered: 07-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, July 7, 2006 - 9:28 am:

Dr. Avi Rubin cited the redacted Hursti report in his latest posting to the Huffington Blog. I recently reviewed the unredacted version posted here on BBV, along with the many photographs of the top side of the circuit board. I take exception to several comments in the Hursti report and frankly think it needs to be revised for clarity. Before I launch into an explanation, I feel that perhaps I should first review the Berkeley report that has been noted here. Can someone please offer a link toward this end?

Thanks!

Mike Myhre
Voting Rights Forum Participant
Username: Mike_myhre

Post Number: 92
Registered: 02-2006

Best of Black Box? N/A
Votes: 0 (A keeper?)

Posted on Friday, July 7, 2006 - 9:38 am: