Forum Navigation
Topics
Log In
Log Out
:
Forum Search
New Today
New This Week
Advanced Search
Tree View
Forum Account
Edit Profile
Register
Forgot Password
Forum Tools
Help/Instructions
Policies
CLICK STATE TO SEE:
"WATCH LIST"
Marked with: 
"OPEN & HONEST"
Marked with: 
...
|
| Ciber Labs reports on GEMS and VoteHere |
|
| Author |
Message |
    
admin
Board Administrator
Username: admin
Post Number: 304
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, January 20, 2005 - 1:18 pm: | 
|
Ciber Reports
(Compressed zip file, 1,888 KB)
(Source: Public Records Requests)
Ciber Labs has been the main "ITA" (Independent Testing Authority) for voting machine software.
|
joehall
Voting Rights Forum Participant
Username: joehall
Post Number: 1
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, January 20, 2005 - 1:38 pm: |
|
Note: One of these docs is for VoteHere's system. Are these listed together because VoteHere's stuff is used in conjunction with Diebold precinct tabulators? (or just ZIPped together for convenience?)
This is great material. -Joe |
admin
Board Administrator
Username: admin
Post Number: 310
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, January 20, 2005 - 2:25 pm: |
|
They are just zipped together for convenience -- BUT -- this is very important: Note that both VoteHere and Diebold reports omit the penetration analysis. This makes it unlikely that this was an accident, more likely that it was standard procedure.
Of special interest in these files: Under the section marked "Penetration Analysis" the examiner wrote "N/A - Not Tested" and recommended the products for certification.
Not one individual on the NASED voting systems panel objected to the certification, though it is clear that the security analysis was not done. Two members of the NASED certification panel are computer scientists: Dr. Britain Williams (Georgia, Virginia, Maryland) and Paul Craft (Florida).
They signed off on the GEMS central tabulator system, used in every county of Georgia and Maryland, and in 30 of Florida's 68 counties.
GEMS uses unpatched Windows and transfers live election data on a TCP/IP connection using Windows RAS, with easily guessed usernames and passwords and easily accessible phone access numbers. It uses an MS Access database constructed without referential integrity, passwords, or even an auto-numbered audit log.
Taxpayers pay the salaries for both Dr. Williams and Dr. Craft, who receive the Ciber reports, have access to the GEMS programs, which they are hired to independently evaluate. Both Williams and Craft pronounced the GEMS program fit for use, not just in their states, but as NASED certifiers, they recommended the system nationwide. Williams and Craft may also be receiving HAVA funds.
GEMS central tabulator was subsequently used to count nearly 40 percent of the votes in the U.S. in the Nov. 2004 general election. |
joehall
Voting Rights Forum Participant
Username: joehall
Post Number: 2
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, January 20, 2005 - 3:59 pm: |
|
I've heard that the penetration analysis is done by the hardware ITA... do we have those reports as well? (If it is done by the hardware ITA, that would explain why it's consistently not done by CIBER... although why would they list it?) |
linda_franz
Voting Rights Forum Participant
Username: linda_franz
Post Number: 67
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, March 29, 2005 - 11:27 am: |
|
joehall,
Note on some other areas that if something is tested by the hardware ITA, it says so on the form.
If it was supposed to be by the hardware ITA, you'd think it would be mentioned there, too. |
linda_franz
Voting Rights Forum Participant
Username: linda_franz
Post Number: 68
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, March 29, 2005 - 11:34 am: |
|
Why is this checked, "Not applicable?"-
"The redirection of control by means of operator intervention or data-driven logic should not be allowed during the execution of any program unit. The redirection of control resulting from the calling of subroutines, procedures and functions, or by the action of exception handlers and interrupt service routines is allowed." |
|
|
