Forum Navigation
Topics
Log In
Log Out
:
Forum Search
New Today
New This Week
Advanced Search
Tree View
Forum Account
Edit Profile
Register
Forgot Password
Forum Tools
Help/Instructions
Policies
CLICK STATE TO SEE:
"WATCH LIST"
Marked with: 
"OPEN & HONEST"
Marked with: 
...
|
| (US) 12/05 - THE GEMS SYSTEM CAN NOT ... |
|
| Author |
Message |
    
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 2013
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 12:00 pm: | 
|
So says Diebold in this rebuttal.
http://www.diebold.com/dieboldes/pdf/rebuttal.pdf
Having seen this demonstrated for myself, and knowing that they are lying through their teeth, can we use this official pack of lies against them?
But wait there's more!
Here's a letter to activists sent to address concerns raised by Velvet Revolution.
http://www.diebold.com/dieboldes/pdf/activistletter.pdf
Grab a barf bag and some aspirin and enjoy!
OY!
PAV ;-) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 1281
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 2:31 pm: |
|
I trust some person or group of people will put out a formal rebuttal to highlight the untruths in Diebold's statements.
They are bullying election officials who may find it hard (or unnecessary) to decide to seek an independent opinion, having received this letter. This so-called "rebuttal" might be used by election officials as an excuse for why they did nothing to respond to warnings of security vulnerabilities. |
BBV Admin
Board Administrator
Username: Admin
Post Number: 2889
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 3:34 pm: |
|
The first item is pretty old. It was released by Diebold in fall 2004, and like many reports, when you read it closely it is damning. See page 3:
"For an attacker who edits the database directly, outside of GEMS, the individuals describe this approach, either using MS Access to manually edit the database or alternatively using a Visual Basic (or other) script for this purpose. We've already established that it's possible to modify the database in this way, but what are the effects? The real issue is whether it's possible to do so undetectably."
Here, Diebold admits that what I reported on July 8, 2003, with the help of a still-protected source, whom I referred to in my book as "Cape Cod," is true.
Diebold also admits that the Herbert Thompson Visual Basic script will work.
And yes, using current election procedures, it is highly unlikely that such manipulations would be detected.
Bev Harris |
BBV Admin
Board Administrator
Username: Admin
Post Number: 2890
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 3:53 pm: |
|
The double set of books does indeed exist (actually, there's a triple set of books -- can you find the third set? After a quick look, Cape Cod referred to this as the "Lord only Knows" table. I've played with the third set of books a bit, but don't find it handy for tampering.)
What's the secret code?
My source, "Cape Cod," pointed this out to me in late June 2003, and he even wrote a program which can quickly check for diddled double sets of books.
The 2-digit code to couple and decouple the books is "-1" and it is located in a field called the "dirty field." Though that name is ironic, it is not particularly relevant.
Diebold's explanation
The explanation they give for the double set of books is plausible as an excuse for why two sets of books exist. Also, it is true that in some counties, these two sets are not always identical -- one may have a more detailed breakdown than the other. In other counties, because of the precincts are organized, the two sets of books will be identical. I was told by the protected source, "Cape Cod," that Diebold would have a plausible reason -- just as they have a plausible reason for their memory card "tamper-me" feature. For that, they claimed they needed flexibility. For this, they claimed it is a method to deal with split precincts.
No matter. It is still a very serious design defect which no accounting program designer in his right mind would use.
Enter Jeffrey Dean
However, an accounting program designed by an embezzler would use this kind of design. We know that the double set of books was designed shortly after embezzler Jeffrey Dean took over research and development.
I did a thorough analysis of each version of GEMS. It is a fact that Jeffrey Dean got major stock in the company, was made a director, and was head of research and development according to internal memos, as of Sept. 2000.
It is a fact that immediately after Jeffrey Dean came on the scene, GEMS went through a series of permutations. Before Jeffrey Dean: Single set of books. Within 5 weeks after Jeffrey Dean came aboard, but still before the 2000 election: Double set of books.
The timing does not really support Diebold's explanation, that the extra set of books was needed for complex counties with lots of split precincts. It is true that they were toying with Los Angeles County databases while the second set of books was put in, and Los Angeles is quite big -- but not as complex, in terms of split precincts, as King County (WA). Diebold was used in King County since 1998. There is one difference between King County and Los Angeles County -- King County, which has byzantine split precincts, does NOT have the one percent manual recount requirement that Los Angeles has.
If we are looking at circumstantial evidence, it is clear that the double set of books coincides in timeline with the entry of Jeffrey Dean and with the need to pass a one percent hand count spot check in California.
It does not coincide with the need to handle split precincts, nor does this design appreciably improve speed of processing in large jurisdictions.
Does Diebold's "accounting" analogy hold up?
Diebold then gives a faulty and disengenuous analogy to an accounting system which has a second table with more detailed information. Wrong. What is different in the GEMS design than in an accounting program is this: GEMS is designed without "referential integrity."
What that means is that you can manually enter transactions in one table that are out of balance with the other. That is not possible in any properly designed accounting system.
Our original source for the story, "Cape Cod," designed accounting databases. He noticed the lack of referential integrity in GEMS immediately.
Properly designed accounting tables
Here's an example of a properly designed accounting system, with two tables -- one with different details than the other. Suppose you have an invoice for $535 from the telephone company. You enter the invoice.
Then, in a different function, you enter a check you wrote for this bill. You enter it as $635.
That is not the same amount as the invoice. The accounting program will not let you do this unless you override the error flag and, in the better-designed programs, enter a separate journal entry as to why there is a discrepancy.
GEMS, however, lets you enter 535 in the candidate counter and 635 in the sumcandidate counter without producing any error message.
How to tamper using the second set of books
The double set of books is significant, because the detail reports are never printed out (at least, in the larger jurisdictions) until days after the election.
In fact, they are often not printed out and distributed publicly until AFTER the one percent random hand count spot check is done (in states that even do this!). This is very significant.
GEMS prints the precinct-by-precinct results from the CandidateCounter tables, but prints the summary reports from the SumCandidateCounter tables. All the candidates and citizens get is the Summary report, which pulls from SumCandidateCounter.
Spot check hand counts are done on a precinct by precinct basis (in states that do them at all). The reports for these are printed on Diebold's "SOVC" report (statement of votes cast). The SOVC report comes from the CandidateCounter table.
As long as you leave the correct results in CandidateCounter, your spot checks will ALWAYS match the SOVC report -- even when the totals are incorrect in your summary report, because you diddled the numbers in the SumCandidateCounter table.
That's because the SOVC comes from CandidateCounter but the Summary comes from SumCandidateCounter.
At the very end, at the final canvassing meeting, the public is allowed to see the full SOVC report. Before the final canvassing meeting, they usually do not print the full SOVC report because it is hundreds of pages long. GEMS provides an option to do the one percent spot checks by just printing the SOVC for the precincts you want.
The SOVC report does show the totals at the bottom (after reading through hundreds of pages, for the full report). Note that until you have the full hundreds-of-pages report, the totals at the bottom of the SOVC won't match the Summary report, since the partial SOVC reports used for the hand count spot-checks only have a few precincts.
There is some variation in how counties handle this. Smaller counties often print the whole SOVC earlier.
At the last minute: Diddle both sets of books, make sure they match before the FINAL canvassing meeting
If someone diddled the SumCandidateCounter they'd want to also diddle the CandidateCounter table before the final FINAL results are in. There's plenty of opportunity to do that using the absentee votes, most of which aren't counted until after the election anyway.
What the double set of books does is buy time to diddle the election, pass the spot check, then you can make up the difference by "correcting the books" with the absentee votes.
Note that there are no poll tapes for the absentee votes counted on the Diebold central count machines. Therefore, when Diebold says the results tapes (poll tapes) will show the discrepancy:
- That only applies if all are checked against the FINAL SOVC tape.
- It still doesn't apply to the absentee votes, which have no poll tape.
Will tampering the vote tables in GEMS produce inconsistencies in other tables?
Yes.
The demo we used, for simplicity purposes, just changes the votes in the columns
The more elegant way to do it is to flip the candidate ID numbers, because that will bypass many of the areas of inconsistency which Diebold correctly points out will be introduced.
The most elegant way to do it is to flip the candidate ID numbers in the absentee vote section only.
However, since no one checks for most of the "areas of inconsistency" -- that process is not in the normal canvassing procedure -- even clumsy diddles will probably work.
|
BBV Admin
Board Administrator
Username: Admin
Post Number: 2891
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 3:59 pm: |
|
Regarding the second letter, notice the dates:
"Once Diebold added a Verdasys-provided patch .. we were not able to conduct a majority of our attacks..."
That is Digital Guardian, mentioned by Research & Development chief Pat Green at the Cuyahoga County purchasing meeting on Oct. 17, 2005.
Digital Guardian did not work until a special patch was applied. It is not COTS. It must be certified as part of the system, and it has not been certified. It is not in use. And without it, the GEMS attacks work!
Note also that the Visual Basic Script is not mentioned. They only mention that Digital Guardian blocks editing in MS Access.
And furthermore, the report that noted the risk, as "high high high" was provided to Blackwell in Aug. 2004 but he hid it from the public until 2005, after the presidential election. |
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 2014
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 4:18 pm: |
|
Thanks Bev! That's exactly what I was looking for.
PAV ;-) |
BBV Admin
Board Administrator
Username: Admin
Post Number: 2892
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 4:26 pm: |
|
Pat -- I edited the longer response for clarity. |
Pat A. Vesely
Frequent Voting Rights Forum Participant
Username: Pat_vesely
Post Number: 2015
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 4:31 pm: |
|
Thanks again, it's perfect!
PAV ;-) |
michel b.
Voting Rights Forum Participant
Username: Xvote
Post Number: 4
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Sunday, December 4, 2005 - 7:37 pm: |
|
Is this true?
Another poster that I generally agree with on another board said that if there is a greater turn-out there is less ability to hack the vote. Ohio was used as an example because three recent ballot initiatives polled just before the election showed a 60% chance of rejection but were passed on election day. S/he then inferred from this that greater than 10% for or against (whatever your preference) was necessary to over-ride the problem; that hackability was dependent on margin of error.
That just doesn't seem right to me because I would naturally assume the mechanism of the vote counting and the relationships of the programs mentioned above would determine the outcome if hacking is involved.
I would appreciate it if any experts could explain or comment on this. I'll check back later. |
Lora Cove
Voting Rights Forum Participant
Username: Lora
Post Number: 50
Registered: 01-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Monday, December 5, 2005 - 6:49 am: |
|
I'm not sure I understand your question. Although I'm no expert, what I do know about statistics would suggest that the greater the margin of error in a poll, the easier it would be to hack the vote and get away with it. There'd be no red flag because the result would be within the margin of error. |
|
|
