Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Electronic Voting Machines discovered to be "easily hacked"...(2008 ALERT!)
Blackbox Voting ^ | FR Post 8-24-2003 | The research and activism arm of BlackBox Voting.com

Posted on 08/27/2003 5:34:38 PM PDT by vannrox



The research and activism arm of BlackBox Voting.com

  CONTENTS
Introduction
Part 1 - Can the votes be changed?
Part 2 - Can the password be bypassed?
Part 3 ? Can the audit log be altered?

*************

Introduction

According to election industry officials, electronic voting systems are absolutely secure, because they are protected by passwords and tamperproof audit logs. But the passwords can easily be bypassed, and in fact the audit logs can be altered. Worse, the votes can be changed without anyone knowing, even the County Election Supervisor who runs the election system.

The computer programs that tell electronic voting machines how to record and tally votes are allowed to be held as "trade secrets." Can citizen's groups examine them? No. The companies that make these machines insist that their mechanisms are a proprietary secret. Can citizen's groups, or even election officials, audit their accuracy? Not at all, with touch screens, and rarely, with optical scans, because most state laws mandate that optical scan paper ballots be run through the machine and then sealed into a box, never to be counted unless there is a court order. Even in recounts, the ballots are just run through the machine again. Nowadays, all we look at is the machine tally.

Therefore, when I found that Diebold Election Systems had been storing 40,000 of its files on an open web site, an obscure site, never revealed to public interest groups, but generally known among election industry insiders, and available to any hacker with a laptop, I looked at the files. Having a so-called security-conscious voting machine manufacturer store sensitive files on an unprotected public web site, allowing anonymous access, was bad enough, but when I saw what was in the files my hair turned gray. Really. It did.

The contents of these files amounted to a virtual handbook for vote-tampering: They contained diagrams of remote communications setups, passwords, encryption keys, source code, user manuals, testing protocols, and simulators, as well as files loaded with votes and voting machine software.

Diebold Elections Systems AccuVote systems use software called "GEMS," and this system is used in 37 states. The voting system works like this:

Voters vote at the precinct, running their ballot through an optical scan, or entering their vote on a touch screen.

After the polls close, poll workers transmit the votes that have been accumulated to the county office. They do this by modem.

At the county office, there is a "host computer" with a program on it called GEMS. GEMS receives the incoming votes and stores them in a vote ledger. But in the files we examined, which were created by Diebold employees and/or county officials, we learned that the Diebold program used another set of books with a copy of what is in vote ledger 1. And at the same time, it made yet a third vote ledger with another copy.

Apparently, the Elections Supervisor never sees these three sets of books. All she sees is the reports she can run: Election summary (totals, county wide) or a detail report (totals for each precinct). She has no way of knowing that her GEMS program is using multiple sets of books, because the GEMS interface draws its data from an Access database, which is hidden. And here is what is quite odd: On the programs we tested, the Election summary (totals, county wide) come from the vote ledger 2 instead of vote ledger 1, and ledger 2 can be altered so it may or may not match ledger 1.

Now, think of it like this: You want the report to add up only the actual votes. But, unbeknownst to the election supervisor, votes can be added and subtracted from vote ledger 2. Official reports come from vote ledger 2, which has been disengaged from vote ledger 1. If one asks for a detailed report for some precincts, though, the report comes from vote ledger 1. Therefore, if you keep the correct votes in vote ledger 1, a spot check of detailed precincts (even if you compare voter-verified paper ballots) will always be correct.

And what is vote ledger 3 for? For now, we are calling it the "Lord Only Knows" vote ledger.

*************

Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 1)

CAN THE VOTES BE CHANGED?

Here's what we're going to do: We'll go in and run a totals report, so you can see what the Election Supervisor sees. Then we'll tamper with the votes. I'll show you that our tampering appears in Table 2, but not Table 1. Then we'll go back and run another totals report, and you'll see that it contains the tampered votes from Table 2. Remember that there are two programs: The GEMS program, which the Election Supervisor sees, and the Microsoft Access database that stores the votes, which she cannot see.

Let's run a report on the Max Cleland/Saxby Chambliss race. (This is an example, and does not contain the real data.) Here is what the Totals Report will look like in GEMS:

As it stands, Cleland is stomping Chambliss. Let's make it more exciting.

The GEMS election file contains more than one "set of books." They are hidden from the person running the GEMS program, but you can see them if you go into Microsoft Access. You might look at it like this: Suppose you have votes on paper ballots, and you pile all the paper ballots in room one. Then, you make a copy of all the ballots and put the stack of copies in room 2.

You then leave the door open to room 2, so that people can come in and out, replacing some of the votes in the stack with their own.

You could have some sort of security device that would tell you if any of the copies of votes in room 2 have been changed, but you opt not to.

Now, suppose you want to count the votes. Should you count them from room 1 (original votes)? Or should you count them from room 2, where they may or may not be the same as room 1? What Diebold chose to do in the files we examined was to count the votes from "room2." Illustration:

If an intruder opens the GEMS program in Microsoft Access, they will find that each candidate has an assigned number:

One can then go see how many votes a candidate has by visiting "room 1" which is called the CandidateCounter:

In the above example, "454" represents Max Cleland and "455" represents Saxby Chambliss. Now let's visit Room2, which has copies of Room1. You can find it in an Access table called SumCandidateCounter:

Now let's put our own votes in Room2. We'll put Chambliss ahead by a nose, by subtracting 100 from Cleland and adding 100 to Chambliss. Always add and delete the same number of votes, so the number of voters won't change.

Notice that we have only tampered with the votes in "Room 2." In Room 1, they remain the same. Room 1, after tampering with Room 2:

Now let's run a report again. Go into GEMS and run the totals report. Here's what it looks like now:

Now, the above example is for a simple race using just one precinct. If you run a detail report, you'll see that the precinct report pulls the untampered data, while the totals report pulls the tampered data. This would allow a precinct to pass a spot check.

*************

Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 2)

CAN THE PASSWORD BE BYPASSED?

At least a dozen full installation versions of the GEMS program were available on the Diebold ftp site. The manual, also available on the ftp site, tells that the default password in a new installation is "GEMSUSER." Anyone who downloaded and installed GEMS can bypass the passwords in elections. In this examination, we installed GEMS, clicked "new" and made a test election, then closed it and opened the same file in Microsoft Access.

One finds where they store the passwords by clicking the "Operator" table.

Anyone can copy an encrypted password from there, go to an election database, and paste it into that.

Example: Cobb County Election file

One can overwrite the "admin" password with another, copied from another GEMS installation. It will appear encrypted; no worries, just cut and paste. In this example, we saved the old "admin" password so we could replace it later and delete the evidence that we'd been there. An intruder can grant himself administrative privileges by putting zeros in the other boxes, following the example in "admin."

How many people can gain access? A sociable election hacker can give all his friends access to the database too! In this case, they were added in a test GEMS installation and copied into the Cobb County Microsoft Access file. It encrypted each password as a different character string, however, all the passwords are the same word: "password." Password replacement can also be done directly in Access. To assess how tightly controlled the election files really are, we added 50 of our friends; so far, we haven't found a limit to how many people can be granted access to the election database.

Using this simple way to bypass password security, an intruder, or an insider, can enter GEMS programs and play with election databases to their heart's content.

*************

Detailed Examination Of Diebold GEMS Voting Machine Security ( Part 3)

CAN THE AUDIT TRAIL BE ALTERED?

Britain J. Williams, Ph.D., is the official voting machine certifier for the state of Georgia, and he sits on the committee that decides how voting machines will be tested and evaluated. Here's what he had to say about the security of Diebold voting machines, in a letter dated April 23, 2003:

"Computer System Security Features: The computer portion of the election system contains features that facilitate overall security of the election system. Primary among these features is a comprehensive set of audit data. For transactions that occur on the system, a record is made of the nature of the transaction, the time of the transaction, and the person that initiated the transaction. This record is written to the audit log. If an incident occurs on the system, this audit log allows an investigator to reconstruct the sequence of events that occurred surrounding the incident.

In addition, passwords are used to limit access to the system to authorized personnel." Since Dr. Williams listed the audit data as the primary security feature, we decided to find out how hard it is to alter the audit log.

Here is a copy of a GEMS audit report.

Note that a user by the name of "Evildoer" was added. Evildoer performed various functions, including running reports to check his vote-rigging work, but only some of his activities showed up on the audit log.

It was a simple matter to eliminate Evildoer. First, we opened the election database in Access, where we opened the audit table:

Then, we deleted all the references to Evildoer and, because we noticed that the audit log never noticed when the admin closed the GEMS program before, we tidily added an entry for that.

Access encourages those who create audit logs to use auto-numbering, so that every logged entry has an uneditable log number. Then, if one deletes audit entries, a gap in the numbering sequence will appear. However, we found that this feature was disabled, allowing us to write in our own log numbers. We were able to add and delete from the audit without leaving a trace. Going back into GEMS, we ran another audit log to see if Evildoer had been purged:

As you can see, the audit log appears pristine.

In fact, when using Access to adjust the vote tallies we found that tampering never made it to the audit log at all.

Although we interviewed election officials and also the technicians who set up the Diebold system in Georgia, and they confirmed that the GEMS system does use Microsoft Access, is designed for remote access, and does receive "data corrections" from time to time from support personnel, we have not yet had the opportunity to test the above tampering methods in the County Election Supervisor's office.

From a programming standpoint, there might be reasons to have a special vote ledger that disengages from the real one. For example, election officials might say they need to be able to alter the votes to add provisional ballots or absentee ballots. If so, this calls into question the training of these officials, which appears to be done by The Election Center, under the direction of R. Doug Lewis. If election officials are taught to deal with changes by overwriting votes, regardless of whether they do this in vote ledger 1 or vote ledger 2, this is improper.

If changing election data is required, the corrective entry must be made not by overwriting vote totals, but by making a corrective entry. When adding provisional ballots, for example, the proper procedure is to add a line item "provisional ballots," and this should be added into the original vote table (Table 1). It is never acceptable to make changes by overwriting vote totals. Data corrections should not be prohibited, but must always be done by indicating changes through a clearly marked line item that preserves each transaction.

Proper bookkeeping never allows an extra ledger that can be used to just erase the original information and add your own. And certainly, it is improper to have the official reports come from the second ledger, which may or may not have information erased or added.

But there is more evidence that these extra sets of books are illicit: If election officials were using Table 2 to add votes, for provisional ballots, or absentee voters, that would be in their GEMS program. It makes no sense, if that's what Diebold claims the extra set of books is for, to make vote corrections by sneaking in through the back door and using Access, which according to the manual is not even installed on the election official's computer.

Furthermore, if changing Table 2 was an acceptable way to adjust for provisional ballots and absentee votes, we would see the option in GEMS to print a report of both Table 1 totals and Table 2 so that we can compare them. Certainly, if that were the case, that would be in the manual along with instructions that say to compare Table 1 to Table 2, and, if there is any difference, to make sure it exactly matches the number of absentee ballots, or whatever, were added.

Using Microsoft Access was inappropriate for security reasons. Using multiple sets of books, and/or altering vote totals to include new data, is improper for accounting reasons. And, as a member of slashdot.org commented, "This is not a bug, it's a feature."

One more time....

Using Microsoft Access was inappropriate for security reasons. Using multiple sets of books, and/or altering vote totals to include new data, is improper for accounting reasons. And, as a member of slashdot.org commented, "This is not a bug, it's a feature."



TOPICS: Business/Economy; Constitution/Conservatism; Crime/Corruption; Culture/Society; Extended News; Government; News/Current Events; Politics/Elections; Technical; US: California; US: Florida; US: Texas
KEYWORDS: accutouch; accuvote; clinton; computer; diebold; dnc; election; electionsystems; fraud; fraudbydesign; gems; global; hack; hart; hillery; intercivic; sequoia; touchscreen; votefraud; votehere
"This is not a bug, it's a feature."
1 posted on 08/27/2003 5:34:39 PM PDT by vannrox
[ Post Reply | Private Reply | View Replies]

To: vannrox

2 posted on 08/27/2003 5:36:56 PM PDT by vannrox (The Preamble to the Bill of Rights - without it, our Bill of Rights is meaningless!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
And at least that is harder to do than simply breaking the lever listed as Republican.
3 posted on 08/27/2003 5:38:34 PM PDT by Paul C. Jesup
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
  Diebold - The Face Of Modern Ballot Tampering
Tuesday, 12 November 2002, 1:06 pm
Opinion: Guest Opinion

Diebold - The Face Of Modern Ballot Tampering


by Faun Otter
From: http://www.bartcop.com/diebold.htm

You can't vote them out if....
You never voted them in.

The lack of any exit polling on November 5 has been oddly ignored by the media. Those pesky tracking polls leading up to the elections have been explained away by a ?late surge to the Republicans? caused by.... hmmmm, how about sun spot activity? With no exit polls, there was no other feedback to conflict with the "official" results, this allowed the Diebold touch screen machines to change the way election fraud is carried out.

Previously, election cheating was a complex matter of ballot tampering combined with sample skewing. That is to say, you screwed up ballots for your opponent with under or over votes, made sure that people likely to vote against you wouldn't even get that chance (the program of voter disenfranchisement in Florida) and padded your own vote total with such things as falsified absentee ballots.

In the much more high tech world of Diebold electronics we are seeing a wonderfully efficient vote rigging system, the long proposed 'black box' technology. Imagine a black box in which you cannot see the workings. The only things you can discern are an input and an output; in this case votes go in and collated totals come out. There is no paper record of each individual vote cast to enable any cross check of the collated output. The only information you can know for sure is the total number of votes cast on the machine. Each vote is stripped of any information as to who cast that ballot to guarantee anonymity for the voters. You now have a system in which you have no way to check vote recording, vote collation and transmission of the collated totals out of the black box.

The perfect crime?

Not quite. Let me suggest an experiment. We take two ?markets? with similar socioeconomic mixtures and a well established record of moving in the same political direction. We provide them with candidates from party X and party Y. We then expose them to similar news stories, we spill TV and radio ads over between the markets to make the effects less ?local? and give them identical weather on election day. The differences between the markets are 1. the candidates and 2. the method of casting and counting the votes. We then take a series of tracking polls on the gap between the candidates leading up to election day.

If we express the tracking poll data as the relative preference for the candidates (12 point lead by X, down one point from last week etc.), any substantial discrepancy between the forecast and actual election outcomes should arise from major news changes, the weather effects on turn out or a a social tendency to misrepresent voting intent. Since both groups get the same news, the same weather and have the same social tendencies, any difference between tracking poll and actual poll data should be in the same direction and of a similar magnitude.

Sooooo...... how come the South Carolina elections had the Democrats doing much better than the tracking poll data showed and the Georgia elections, in an area with the same weather, same news and same social values, had a massive swing in a single day after the last tracking poll, in the opposite direction? Could it be the Diebold touch screen machines in use across the entire state of Georgia but not used at all in SC?

Of course, such a perfect method of mischief has been attempted before,

http://www.votescam.com/frame.html -- Go to the link marked "Chapters" and read all about it. Watch how few lines pass before the names Bush and Sununu come up.

You can trim the wheels in mechanical voting machines but that is easier to spot than a computer program set up to be date sensitive so it causes only to ?misfunction? on November 5. The current problem with virtual ballot tampering was apparent as long ago as 1989. Jonathan Vankin made this warning in "Metro: Silicon Valley's Weekly Newspaper," of Sept. 28, 1989

?A single, Berkeley- based firm manufactures the software used in the machines that compile more than two-thirds of the nation's electronically-counted votes. Analysts describe the software as "spaghetti code," tangled strands of instructions indecipherable to outsiders. The experts say the code could be manipulated without detection. In fact, that may have happened already.?

http://www.conspire.com/vote-fraud.html

After systematic punch card fraud was revealed in the 2000 election, touch screens were proposed as a panacea and have been rapidly adopted against the warning of experts,

?Critics warn local election officials could be trading one set of problems for another potentially as bad, or worse, than last year's election debacle. They vigorously argue that fully electronic systems pose data-security problems and lack a paper trail. "There's no way to independently verify that the voter's ballot as cast was actually the ballot being recorded by the machine,'' said Rebecca Mercuri, a computer scientist and visiting lecturer at Bryn Mawr College in Pennsylvania.?

http://www.kioskcom.com/article_detail.php?ident=1021

It would be interesting to impound a few machines from the heaviest leaning Democratic areas in Georgia and reset the date in the machine to November 5, 2002. A hand counted series of inputs could be made to the machines. Note to James Baker: hand counting is the gold standard against which we check machine counting efficiency. An input of 500 or so ?dummy? votes could then be tabulated and the outcome checked against the inputs. Of course, you could just check the software code. Except for one problem; the company refuses to let anyone see their code on the grounds that is a trade secret.

Oddly enough, Diebold aren?t the only Republican partisans who ?helped? select our candidates for office yesterday:

?According to his press office, in 1995 Chuck Hagel resigned as CEO of American Information Systems (AIS), the voting machine company that counted the votes in his first Senatorial election in 1996. In January 1996 Hagel resigned as president of McCarthy & Company, part of the McCarthy Group that are one of the current owners of Election Systems and Software (ES&S), which itself resulted from the merger of AIS and Business Records Corporation. According to publicist/writer Bev Harris, Hagel is still an investor in the McCarthy Group. ES&S is now the largest voting machine company in America. One of its largest owners is the ultra-conservative Omaha World-Herald Company.?

http://www.dissidentvoice.org/Articles/Landes_Ambush.htm

For more background reading on who gets to play with your ballot, see:

http://www.talion.com/election-machines.html

Who are Diebold? The corporate officers are as thick as thieves with the Republican hard right religious nut division. For those who have been lucky enough to forget, Senator Faircloth was the protege of Jesse Helms in NC. It looks like the board and the directors were all putting up money for a Faircloth victory when Edwards took that senate seat. I wonder if they conspired to put things right.....?

http://www.diebold.com/

Board of Directors
Louis V. Bockius III (2,4,5)
6/28/00 $15,000.00
REPUBLICAN NATIONAL COMMITTEE - RNC
11/3/00 $10,000.00
REPUBLICAN NATIONAL COMMITTEE - RNC
10/9/97 $1,000.00
VOINOVICH FOR SENATE COMMITTEE
10/9/97 $1,000.00
VOINOVICH FOR SENATE COMMITTEE

Christopher M. Connor
Chairman and Chief Executive Officer, The
Sherwin-Williams Company
5/22/00 $1,000.00
VOINOVICH FOR SENATE COMMITTEE
3/30/00 $1,000.00
DEWINE FOR US SENATE
Gale S. Fitzgerald (2, 6)
President and Chief Executive Officer , QP Group, Inc.
7/12/00 $500.00
NEW YORK REPUBLICAN FEDERAL CAMPAIGN COMMITTEE
10/12/98 $200.00
FRIENDS OF JOHN LAFALCE
10/18/99 $1,000.00
BUSH FOR PRESIDENT INC
Donald R. Gant (1,3,5)
Senior Director, The Goldman Sachs Group, L.P.
L. Lindsey Halstead (2,3,6)
Retired Chairman of the Board, Ford of Europe
12/22/98 $500.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
1/23/97 $500.00
REPUBLICAN NATIONAL COMMITTEE - RNC
5/27/97 $200.00
REPUBLICAN NATIONAL COMMITTEE - RNC
10/31/97 $500.00
REPUBLICAN NATIONAL COMMITTEE - RNC
12/28/99 $500.00
REPUBLICAN NATIONAL COMMITTEE - RNC
3/7/01 $300.00
REPUBLICAN NATIONAL COMMITTEE
6/12/01 $200.00
REPUBLICAN NATIONAL COMMITTEE
11/27/01 $200.00
REPUBLICAN NATIONAL COMMITTEE
1/24/02 $500.00
REPUBLICAN NATIONAL COMMITTEE
Phillip B. Lassiter (1,3,6)
Chairman of the Board and Chief Executive Officer, Ambac Financial Group, Inc.
4/16/98 $250.00
NATIONAL REPUBLICAN CONGRESSIONAL COMMITTEE
CONTRIBUTIONS
9/21/98 $250.00
NATIONAL REPUBLICAN CONGRESSIONAL COMMITTEE
CONTRIBUTIONS
John N. Lauer (1,4,5)
Chairman of the Board and Chief Executive Officer, Oglebay Norton Co.
10/10/00 $1,000.00
DEWINE FOR US SENATE
8/23/00 $250.00
REPUBLICAN NATIONAL COMMITTEE - RNC
3/17/97 $1,000.00
VOINOVICH FOR SENATE COMMITTEE
Walden W. O'Dell
Chairman of the Board, President and Chief Executive Officer, Diebold
2/14/01 $2,015.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
12/17/97 $1,000.00
VOINOVICH FOR SENATE COMMITTEE
1/30/01 $3,950.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
8/16/01 $500.00
VOINOVICH FOR SENATE COMMITTEE
12/17/97 $1,000.00
VOINOVICH FOR SENATE COMMITTEE
6/30/00 $1,000.00
DEWINE FOR US SENATE
Eric J. Roorda
Former Chairman, Procomp Amazonia Industria Eletronica, S.A.
W.R. Timken Jr. (2,3,4)
Chairman , The Timken Company
6/23/00 $50,000.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
6/8/01 $100,000.00
2001 PRESIDENT'S DINNER - NON-FEDERAL TRUST
3/14/01 $10,000.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
8/19/99 $15,000.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
11/3/00 $15,000.00
RNC REPUBLICAN NATIONAL STATE ELECTIONS COMMITTEE
2/22/02 $1,000.00
RELY ON YOUR BELIEFS FUND
6/12/02 $1,000.00
OHIO'S REPUBLICAN SALUTE
Corporate Officers
Walden W. O'Dell
Chairman of the Board, President and Chief Executive Officer, Diebold (See above)
Wesley B. Vance
Chief Operating Officer
8/16/01 $500.00
VOINOVICH FOR SENATE COMMITTEE
Michael J. Hillock
President, Diebold International
11/18/97 $500.00
FAIRCLOTH FOR SENATE COMMITTEE 1998
David Bucci
Senior Vice President, Customer Solutions Group
11/18/97 $500.00
FAIRCLOTH FOR SENATE COMMITTEE 1998
James L.M. Chen
Vice President and Managing Director, Asia-Pacific
Warren W. Dettinger
Vice President, General Counsel and Assistant
Secretary
11/18/97 $300.00
FAIRCLOTH FOR SENATE COMMITTEE 1998
1/30/97 $250.00
DEWINE FOR U S SENATE (2000)
Donald E. Eagon, Jr.
Vice President, Global Communications & Investor
Relations
11/18/97 $300.00
FAIRCLOTH FOR SENATE COMMITTEE 1998
Charee Francis-Vogelsang
Vice President and Secretary
Larry D. Ingram
Vice President, Procurement and Services
1/30/97 $250.00
DEWINE FOR U S SENATE (2000)
11/18/97 $300.00
FAIRCLOTH FOR SENATE COMMITTEE 1998

Dennis M. Moriarty
Vice President, Customer Business Solutions
11/18/97 $300.00
FAIRCLOTH FOR SENATE COMMITTEE 1998

Anthony J. Rusciano
Vice President, National Accounts
11/18/97 $300.00
FAIRCLOTH FOR SENATE COMMITTEE 1998
--- Hey Tony! Listing yourself as ?retired? and using
your vacation home address to avoid campaign donation
limits is a tad naughty don?t you think?

Home Page | Headlines | Previous Story | Next Story

Copyright (c) Scoop Media


4 posted on 08/27/2003 5:40:59 PM PDT by vannrox (The Preamble to the Bill of Rights - without it, our Bill of Rights is meaningless!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: vannrox
GEMS system does use Microsoft Access

Hol-eee Cow! As much as I love MS, this is about the biggest boneheaded move anybody ever made. Using Access for something like this. Insane.

5 posted on 08/27/2003 5:41:01 PM PDT by TomServo ("It says that one time this big lobster came and attacked a lady, but Mr. Ed saved her.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paul C. Jesup
Most states don't have lever-based systems anymore. It's much easier to cheat at this than many of the paper-based alternatives.

6 posted on 08/27/2003 5:41:20 PM PDT by GulliverSwift
[ Post Reply | Private Reply | To 3 | View Replies]

Comment #7 Removed by Moderator

To: vannrox
This is important bump!!!!
8 posted on 08/27/2003 5:43:44 PM PDT by CPT Clay
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #9 Removed by Moderator

To: Paul C. Jesup; vannrox
Not sure who added 'HART' as a keyword - and I assume you're referring to Hart Intercivic here in Austin - but this is trouble.

Eek.

10 posted on 08/27/2003 5:45:52 PM PDT by txhurl
[ Post Reply | Private Reply | To 3 | View Replies]

To: vannrox
I prefer paper ballots. The kind you have to mark with a pen or pencil and that have to be counted in front of election judges from both parties. I would like it even better if we had to sign our ballots and put our names and addresses on them. It would provide an audit trail and make cheating much harder.

What's so sacred about a "secret ballot", is it in the constitution?

Yes, I know there are Libertarians, Greens, Socialists, QueerVote and so on. They don't count. If they ever pull 5% then they will matter.

11 posted on 08/27/2003 5:47:08 PM PDT by LibKill (Heaven frowns on all things french.)
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #12 Removed by Moderator

To: vannrox
Every leftie European hacker must be salivating at the prospect of getting rid of GWB...
13 posted on 08/27/2003 5:48:32 PM PDT by Windcatcher
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #14 Removed by Moderator

To: vannrox; Publius; CyberCowboy777; Eala
BTTT Frightening, but not surprising, computer vote fraud possibilities...
15 posted on 08/27/2003 6:00:59 PM PDT by Libertina
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
Fraud by design?
16 posted on 08/27/2003 6:01:21 PM PDT by Darksheare ("I sense something dark." No you don't!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
an intruder opens the GEMS program in Microsoft Access

I think access is the key word here.

17 posted on 08/27/2003 6:05:17 PM PDT by Flyer (If you can read this you are posting too close)
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
PING!

Your One Stop Resource For All The California Recall News!

Want on our daily or major news ping lists? Freepmail DoctorZin.

18 posted on 08/27/2003 6:06:31 PM PDT by DoctorZIn
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
The fact that this thing uses Microsoft Access to store mission-critical data tells you everything you need to know.

http://www.verifiedvoting.org/

19 posted on 08/27/2003 6:07:53 PM PDT by E. Pluribus Unum (Drug prohibition laws help support terrorism.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: E. Pluribus Unum
I have to admit, I really find it difficult to believe that it actually uses MS Access to store data.

I think it's safer to say that the author is just using Access as a graphical display for the tables involved.

Although sometimes it's hard to believe otherwise, nobody's that stupid.
20 posted on 08/27/2003 6:27:31 PM PDT by altayann
[ Post Reply | Private Reply | To 19 | View Replies]

To: altayann
Well, I stand correct. They really are that stupid, they are using MS Access to store totals.

My God. Don't they know that *anybody*, and I mean *ANYBODY*, can get past MS Access's password protection?

It's like using a deadbolt on your front door made of plasticine. Hell, it's like having a front door made from plasticine.

21 posted on 08/27/2003 6:30:29 PM PDT by altayann
[ Post Reply | Private Reply | To 20 | View Replies]

To: Libertina
Thanks for the ping (and noted for detailed read later). What was frightening right off was this:

The computer programs that tell electronic voting machines how to record and tally votes are allowed to be held as "trade secrets."

Cryptography guru Bruce Schneier has long maintained that the worst form of security in cryptography is in hiding the algorithm. It gets no review, it gets no test, and as all too many real-life situations show (including the cracking of the Nazi Enigma machine, which though being quite powerful had a subtle weakness amplified by certain usage patterns), it's the things the developer doesn't foresee that become the weakness. (The most superior key in the world is still worthless if you continue "hiding" it under the front door mat.)

In my position as a humble but vaguely technically aware techie, this voting system cannot be considered secure or safe unless *everything* except the keys (passwords) are made completely public and subjected to intensive review in an open forum.

Any piece of code that remains hidden -- that could be the back door that isn't supposed to exist. But how would you know unless you could examine it, and rebuild the identical executable software yourself from the source?

22 posted on 08/27/2003 6:39:34 PM PDT by Eala (Annoy PETA -- try the Atkins diet.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: vannrox
No voting system should be trusted unless the act of voting creates an indelible record of the vote. Electronic voting would be okay if the machines were constructed to be inspectable but tamper-evident, and if the votes were stored indelibly in some medium such as a bipolar PROM. I have yet to hear of any machine that actually does that, however.

Any reasonable system should be proof against attacks by someone who knows everything there is to know about it. None of the electronic voting systems I've seen even come close.

23 posted on 08/27/2003 6:40:32 PM PDT by supercat (TAG--you're it!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Eala
In my position as a humble but vaguely technically aware techie, this voting system cannot be considered secure or safe unless *everything* except the keys (passwords) are made completely public and subjected to intensive review in an open forum.

Slight disagreement: a voting system should only be considered secure and safe if its integrity would not be compromised by publicizing everything INCLUDING all encryption keys [actually, I don't see much use for encryption, though I do see some use for secure hashing].

In a normal encryption scenario, the guy who creates the keys is presumed trustworthy. In a voting system, by constrast, nobody is deemed trustworthy.

24 posted on 08/27/2003 6:45:13 PM PDT by supercat (TAG--you're it!)
[ Post Reply | Private Reply | To 22 | View Replies]

To: vannrox
All of this "research" was based on files that were supposedly downloaded from an open ftp on Diebold's web site and posted to the internet by an activist. Diebold has already stated that this software is not currently in use in any of its machines. For all we or the researchers know this could have just been code that was used for a demo or a design mock-up. I would be surprised if Diebold used Access as the database engine and expected it to be secure without some additional precautions.

One of the researchers, Avi Rubin, technical director of the Information Security Institute at John Hopkins, was revealed to have been on an advisory board and held stock options with Diebold's competitor VoteHere, Inc. This sounds like a hit piece but it deserves a full and open investigation.

25 posted on 08/27/2003 6:46:27 PM PDT by eggman (Social Insecurity - Who will provide for the government when the government provides for all of us?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: supercat
In a proven secure one-way key system I'd quite agree with you. But the thing that quite annoys me is that the code itself is not reviewable.
26 posted on 08/27/2003 6:49:40 PM PDT by Eala (Annoy PETA -- try the Atkins diet.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: vannrox
Have you seen any updates on this:
http://www.freerepublic.com/focus/f-news/956097/posts
Experimental Web Program Opens Voting to Overseas Military

"Online voting, will become a reality when the Department of Defense employs its Secure Electronic Registration and Voting Experiment (search) next year." - if I remember correctly majority owned by SAUDI INTERESTS.

27 posted on 08/27/2003 6:53:26 PM PDT by getgoing
[ Post Reply | Private Reply | To 1 | View Replies]

To: LibKill
I prefer paper ballots. The kind you have to mark with a pen or pencil and that have to be counted in front of election judges from both parties.

I'm with you buddy... I like the personal touch in voting, and I don't care if it takes multiple hours to tally the votes. The audit trail is critical.

28 posted on 08/27/2003 7:01:00 PM PDT by ken in texas
[ Post Reply | Private Reply | To 11 | View Replies]

To: eggman
All of this "research" was based on files that were supposedly downloaded from an open ftp on Diebold's web site and posted to the internet by an activist. Diebold has already stated that this software is not currently in use in any of its machines.

The fact remains that it is physically possible, in all of the systems I've seen, for a sufficiently-knowledgeable person to alter the memory cards from voting machines to report whatever election results the person wants. Encryption won't change that keys have to be stored somewhere and a knowledgeable person would know how to get them.

If the electronic-voting people are actually interested in security, they're going about it all wrong. The right approach isn't to use all sorts of new fancy technology, but instead to use much more old-fashioned technology such as bipolar PROMs which, if burned with suitable cross-checking patterns, cannot be altered without the alteration being obvious. If the PROMs are written in records of 32 bytes or less, one byte of cross-checking data per record will suffice to prevent alteration. Otherwise, two bytes of cross-checking per record will protect records up to 8Kbytes; three bytes of cross-checking will protect up to 2Mbytes.

29 posted on 08/27/2003 7:01:01 PM PDT by supercat (TAG--you're it!)
[ Post Reply | Private Reply | To 25 | View Replies]

To: ken in texas
How about this: each poling place has an optical-scan ballot box, a collection of marking stations, and one or more electronic machines. A person who wishes to vote manually goes to a marking station, does so, and inserts his ballot into the optical-scan ballot box. A person who wishes to vote with the electronic machine makes his selections, punches "done", and then takes a freshly-completed optical scan ballot from the machine and places it in the ballot box (optionally inspecting it first).

Aside from the recurring cost of paper ballots (fairly small in the scheme of things), is there any way in which this approach is not as good or better than using DRE for everything?

30 posted on 08/27/2003 7:08:24 PM PDT by supercat (TAG--you're it!)
[ Post Reply | Private Reply | To 28 | View Replies]

To: supercat
I don't see why the machine has to handle the arrays in PROM, or any ROM, for that matter. What's wrong with fixed-length records sent for tabulation after collection?

Like an ATM? Your voting record goes off (from the flat-screen device) in flat ASCII, to allow officials to use whatever totalling code they wish?

And like an ATM, the voter would get a unique trans ID number so that privacy is maintained?

31 posted on 08/27/2003 7:14:56 PM PDT by txhurl
[ Post Reply | Private Reply | To 30 | View Replies]

To: Eala
You are correct about events unforseen by the programmer being the weakness, and it would be safer for coding to be open. but even then I see it as a problem... How many people can understand the code? Atleast with pieces of paper, they are understood by most. What I don't understand is why the Rs stay silent on this issue of voting fraud in general, and high-tech voter security specifically.
32 posted on 08/27/2003 7:16:59 PM PDT by Libertina
[ Post Reply | Private Reply | To 22 | View Replies]

To: txflake
I don't see why the machine has to handle the arrays in PROM, or any ROM, for that matter. What's wrong with fixed-length records sent for tabulation after collection?

If the votes aren't stored in an unalterable medium, a knowledgeable person with physical access to the media on which the votes are stored would be able to make any desired change.

Like an ATM? Your voting record goes off (from the flat-screen device) in flat ASCII, to allow officials to use whatever totalling code they wish?

In what form are votes stored?

33 posted on 08/27/2003 7:19:40 PM PDT by supercat (TAG--you're it!)
[ Post Reply | Private Reply | To 31 | View Replies]

To: supercat
Five or six drives - not RAIDed, discrete - per machine, with no outside physical (net, etc) access to the machine until they physically move the drives to the tabulation center?
34 posted on 08/27/2003 7:23:39 PM PDT by txhurl
[ Post Reply | Private Reply | To 33 | View Replies]

To: Eala

<![if !supportEmptyParas]> <![endif]>

Voting Machines - A High Tech Ambush

by Lynn Landes
Dissident Voice

October 29, 2002

<![if !supportEmptyParas]> <![endif]>

<![if !supportEmptyParas]> <![endif]>

"I'm mad as hell!" says Charlie Matulka.

<![if !supportEmptyParas]> <![endif]>

It looks like a high-tech ambush. But Matulka isn't going down without a fight. The feisty construction worker is running for Nebraska's U.S. Senate seat against incumbent Republican Senator Chuck Hagel.  Matulka's "war chest" is less than $5000. But campaign financing isn't his biggest concern. Who owns the voting machines and how easily they can be rigged or "malfunction" is what's got him all riled up. He's calling press conferences... demanding to be heard. 

<![if !supportEmptyParas]> <![endif]>

That might be difficult. Omaha's largest newspaper is part of the only company in Nebraska certified to count votes on election day. And Chuck Hagel has been an intrinsic part of that company for a long time.

<![if !supportEmptyParas]> <![endif]>

According to his press office, in 1995 Chuck Hagel resigned as CEO of American Information Systems (AIS), the voting machine company that counted the votes in his first Senatorial election in 1996. In January 1996 Hagel resigned as president of McCarthy & Company, part of the McCarthy Group that are one of the current owners of Election Systems and Software (ES&S), which itself resulted from the merger of AIS and Business Records Corporation. According to publicist/writer Bev Harris, Hagel is still an investor in the McCarthy Group. ES&S is now the largest voting machine company in America. One of its largest owners is the ultra-conservative Omaha World-Herald Company. 

<![if !supportEmptyParas]> <![endif]>

A call to the Office of Integrity, Voting Rights Division, Department of Justice (DOJ) in Washington D.C. regarding this extraordinary conflict-of-interest, earned this writer a terse "no comment." That makes sense. In over 40 years of voting machine "malfunctions" and election malfeasance, the DOJ still treats voting machine companies and their owners with kid gloves. 

<![if !supportEmptyParas]> <![endif]>

Charlie Matulka is just the latest target of America's thoroughly corrupted voting system.

<![if !supportEmptyParas]> <![endif]>

In a groundbreaking effort, Bev Harris and this writer are compiling extensive information on the voting machine companies operating in the United States. Voting machine companies are privately held and extremely secretive. They form a web of overlapping ownership, financing, staff, and equipment that makes it difficult, if not impossible, to separate one from the other. 

<![if !supportEmptyParas]> <![endif]>

ES&S, the largest voting machine company in America, claims to have counted 56% of the vote in the last four presidential elections. Again, it's owned by the ultra-conservative Omaha World-Herald Company, the McCarthy Group, and former owners of Business Records Corporation. ES&S was created from a merger between American Information Systems (AIS) and Business Records Corporation. Bob and Todd Urosevich founded AIS in the 1980's. Bob is now president of Diebold-Global, while brother Todd is a vice president at ES&S. Business Records Corp. was partially owned by Cronus, a company that seems to have a lot of connections to the notorious Hunt brothers from Texas, as well as other individuals and entities, including  Rothschild, Inc.. Right wing Republicans Howard Ahmanson (who financed AIS) and Nelson Bunker Hunt have both heavily contributed to The Chalcedon Institute, an organization that mandates Christian "dominion" over the world.

<![if !supportEmptyParas]> <![endif]>

Sequoia Voting Systems appears to be the second largest voting machine company, accounting for about 1/3 of the voting machine market. As of May 2002, Sequoia was purchased by Great Britain's De La Rue from Ireland's Jefferson Smurfit Group, who retain a 15% share. Smurfit was just bought by Madison Dearborn Partners, a private equity investment firm. De La Rue owns 20% of the Great Britain's national lottery. In 1995 the Security and Exchange Commission filed charges against four employees of Sequoia, alleging that they inflated revenue and pre-tax profits. In 1999 the Justice Department filed federal charges against employees of Sequoia alleging that during a 10-year period $8 million in bribes were paid out. Louisiana's Commissioner of Elections Jerry Fowler had run up some big gambling debts in Atlantic City, according to reporter Daniel Hopsicker. In all, 22 people were indicted, 9 plead guilty. Fowler went to jail, but big fish Pasquale "Rocco" Ricci of New Jersey got one year of home detention.

<![if !supportEmptyParas]> <![endif]>

Advanced Voting Solutions is the new name of another scandal-ridden voting company, Shoup Voting Solutions. Their current top management, Howard Van Pelt and Larry Ensminger, were executives for Diebold-Global until late last year. Officers of Shoup Voting Machine Co. were indicted for allegedly bribing politicians in Tampa, Florida in 1971, according to the San Francisco Business Times. Ransom Shoup was convicted in 1979 of conspiracy and obstruction of justice related to an FBI inquiry into a lever machine-counted election in Philadelphia.  Shoup got a three-year suspended sentence. Meanwhile, Philadelphia has bought new voting machines from Danaher-Guardian, which appears to only sell voting machines formerly known as the  "Shouptronic." 

<![if !supportEmptyParas]> <![endif]>

Danaher-Guardian is owned by billionaire brothers Steven M. and Mitchell P. Rales, who were described by columnist Jack Anderson in 1988 as "a pair of corporate raiders out of Washington DC." Again, Danaher-Guardian appears to only sell formerly Shouptronic voting machines.

<![if !supportEmptyParas]> <![endif]>

Diebold-Global's current president, Bob Urosevich, was the co-founder of American Information Systems which became ES&S. As mentioned before, Diebold-Global's top managers, Howard Van Pelt and Larry Ensminger, recently moved to Advanced Voting Solutions-Shoup. 

<![if !supportEmptyParas]> <![endif]>

And so it goes. We have an voting system that appears to be in a constant state of name change and rotating management, but always under the private control of the rich and infamous. Meanwhile, Congress has just passed a law that effectively throws hundreds of millions of dollars at voting machine companies that have a record that includes partisanship, bribery, secrecy, and rampant technical "malfunctions."

<![if !supportEmptyParas]> <![endif]>

Personally, I'll never vote on a machine again if I can help it. For the next election, I'll vote "absentee" (i.e., through the mail). In fact, Oregon has wisely rejected voting machines altogether and handles its entire election through the mail. The state of Washington offers that option, and Colorado is considering mandatory mail-in voting.

<![if !supportEmptyParas]> <![endif]>

Maybe those states are like Charlie Matulka. They know an ambush when they see one.

<![if !supportEmptyParas]> <![endif]>

Lynn Landes is a freelance journalist specializing in environmental issues. She writes a weekly column which is published on her website www.EcoTalk.org and reports environmental news for DUTV in Philadelphia, PA. Lynn's been a radio show host and a regular commentator for a BBC radio program.

<![if !supportEmptyParas]> <![endif]>

Links:

<![if !supportEmptyParas]> <![endif]>

* http://www.ecotalk.org/VotingSecurity.htm 

* http://www.talion.com/Hagel.html  

* http://www.csd.cq.com/senate_mem/s0531.html

35 posted on 08/27/2003 7:25:56 PM PDT by vannrox (The Preamble to the Bill of Rights - without it, our Bill of Rights is meaningless!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: Eala

<![if !supportEmptyParas]> <![endif]>

Voting Machines - A High Tech Ambush

by Lynn Landes
Dissident Voice

October 29, 2002

<![if !supportEmptyParas]> <![endif]>

<![if !supportEmptyParas]> <![endif]>

"I'm mad as hell!" says Charlie Matulka.

<![if !supportEmptyParas]> <![endif]>

It looks like a high-tech ambush. But Matulka isn't going down without a fight. The feisty construction worker is running for Nebraska's U.S. Senate seat against incumbent Republican Senator Chuck Hagel.  Matulka's "war chest" is less than $5000. But campaign financing isn't his biggest concern. Who owns the voting machines and how easily they can be rigged or "malfunction" is what's got him all riled up. He's calling press conferences... demanding to be heard. 

<![if !supportEmptyParas]> <![endif]>

That might be difficult. Omaha's largest newspaper is part of the only company in Nebraska certified to count votes on election day. And Chuck Hagel has been an intrinsic part of that company for a long time.

<![if !supportEmptyParas]> <![endif]>

According to his press office, in 1995 Chuck Hagel resigned as CEO of American Information Systems (AIS), the voting machine company that counted the votes in his first Senatorial election in 1996. In January 1996 Hagel resigned as president of McCarthy & Company, part of the McCarthy Group that are one of the current owners of Election Systems and Software (ES&S), which itself resulted from the merger of AIS and Business Records Corporation. According to publicist/writer Bev Harris, Hagel is still an investor in the McCarthy Group. ES&S is now the largest voting machine company in America. One of its largest owners is the ultra-conservative Omaha World-Herald Company. 

<![if !supportEmptyParas]> <![endif]>

A call to the Office of Integrity, Voting Rights Division, Department of Justice (DOJ) in Washington D.C. regarding this extraordinary conflict-of-interest, earned this writer a terse "no comment." That makes sense. In over 40 years of voting machine "malfunctions" and election malfeasance, the DOJ still treats voting machine companies and their owners with kid gloves. 

<![if !supportEmptyParas]> <![endif]>

Charlie Matulka is just the latest target of America's thoroughly corrupted voting system.

<![if !supportEmptyParas]> <![endif]>

In a groundbreaking effort, Bev Harris and this writer are compiling extensive information on the voting machine companies operating in the United States. Voting machine companies are privately held and extremely secretive. They form a web of overlapping ownership, financing, staff, and equipment that makes it difficult, if not impossible, to separate one from the other. 

<![if !supportEmptyParas]> <![endif]>

ES&S, the largest voting machine company in America, claims to have counted 56% of the vote in the last four presidential elections. Again, it's owned by the ultra-conservative Omaha World-Herald Company, the McCarthy Group, and former owners of Business Records Corporation. ES&S was created from a merger between American Information Systems (AIS) and Business Records Corporation. Bob and Todd Urosevich founded AIS in the 1980's. Bob is now president of Diebold-Global, while brother Todd is a vice president at ES&S. Business Records Corp. was partially owned by Cronus, a company that seems to have a lot of connections to the notorious Hunt brothers from Texas, as well as other individuals and entities, including  Rothschild, Inc.. Right wing Republicans Howard Ahmanson (who financed AIS) and Nelson Bunker Hunt have both heavily contributed to The Chalcedon Institute, an organization that mandates Christian "dominion" over the world.

<![if !supportEmptyParas]> <![endif]>

Sequoia Voting Systems appears to be the second largest voting machine company, accounting for about 1/3 of the voting machine market. As of May 2002, Sequoia was purchased by Great Britain's De La Rue from Ireland's Jefferson Smurfit Group, who retain a 15% share. Smurfit was just bought by Madison Dearborn Partners, a private equity investment firm. De La Rue owns 20% of the Great Britain's national lottery. In 1995 the Security and Exchange Commission filed charges against four employees of Sequoia, alleging that they inflated revenue and pre-tax profits. In 1999 the Justice Department filed federal charges against employees of Sequoia alleging that during a 10-year period $8 million in bribes were paid out. Louisiana's Commissioner of Elections Jerry Fowler had run up some big gambling debts in Atlantic City, according to reporter Daniel Hopsicker. In all, 22 people were indicted, 9 plead guilty. Fowler went to jail, but big fish Pasquale "Rocco" Ricci of New Jersey got one year of home detention.

<![if !supportEmptyParas]> <![endif]>

Advanced Voting Solutions is the new name of another scandal-ridden voting company, Shoup Voting Solutions. Their current top management, Howard Van Pelt and Larry Ensminger, were executives for Diebold-Global until late last year. Officers of Shoup Voting Machine Co. were indicted for allegedly bribing politicians in Tampa, Florida in 1971, according to the San Francisco Business Times. Ransom Shoup was convicted in 1979 of conspiracy and obstruction of justice related to an FBI inquiry into a lever machine-counted election in Philadelphia.  Shoup got a three-year suspended sentence. Meanwhile, Philadelphia has bought new voting machines from Danaher-Guardian, which appears to only sell voting machines formerly known as the  "Shouptronic." 

<![if !supportEmptyParas]> <![endif]>

Danaher-Guardian is owned by billionaire brothers Steven M. and Mitchell P. Rales, who were described by columnist Jack Anderson in 1988 as "a pair of corporate raiders out of Washington DC." Again, Danaher-Guardian appears to only sell formerly Shouptronic voting machines.

<![if !supportEmptyParas]> <![endif]>

Diebold-Global's current president, Bob Urosevich, was the co-founder of American Information Systems which became ES&S. As mentioned before, Diebold-Global's top managers, Howard Van Pelt and Larry Ensminger, recently moved to Advanced Voting Solutions-Shoup. 

<![if !supportEmptyParas]> <![endif]>

And so it goes. We have an voting system that appears to be in a constant state of name change and rotating management, but always under the private control of the rich and infamous. Meanwhile, Congress has just passed a law that effectively throws hundreds of millions of dollars at voting machine companies that have a record that includes partisanship, bribery, secrecy, and rampant technical "malfunctions."

<![if !supportEmptyParas]> <![endif]>

Personally, I'll never vote on a machine again if I can help it. For the next election, I'll vote "absentee" (i.e., through the mail). In fact, Oregon has wisely rejected voting machines altogether and handles its entire election through the mail. The state of Washington offers that option, and Colorado is considering mandatory mail-in voting.

<![if !supportEmptyParas]> <![endif]>

Maybe those states are like Charlie Matulka. They know an ambush when they see one.

<![if !supportEmptyParas]> <![endif]>

Lynn Landes is a freelance journalist specializing in environmental issues. She writes a weekly column which is published on her website www.EcoTalk.org and reports environmental news for DUTV in Philadelphia, PA. Lynn's been a radio show host and a regular commentator for a BBC radio program.

<![if !supportEmptyParas]> <![endif]>

Links:

<![if !supportEmptyParas]> <![endif]>

* http://www.ecotalk.org/VotingSecurity.htm 

* http://www.talion.com/Hagel.html  

* http://www.csd.cq.com/senate_mem/s0531.html

36 posted on 08/27/2003 7:26:00 PM PDT by vannrox (The Preamble to the Bill of Rights - without it, our Bill of Rights is meaningless!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: supercat
Or is that not snazzy enough?
37 posted on 08/27/2003 7:26:26 PM PDT by txhurl
[ Post Reply | Private Reply | To 33 | View Replies]

To: plusones
Stuffing ballot boxes is old fashioned, to steal big - you gotta use computers !   (Scroll down for updates)

on Thursday, July 24, 2003, notes in:
Politics:
Diebold is a blue chip voting software company responsible for programming about 33,000 ballot casting machines across this land of ours. In the first large test of its software "by recognized computer security experts," reports the New York Times , "serious flaws that would allow voters to cast extra votes and permit poll workers to alter ballots without being detected" were discovered. LINK: Computer Voting is Open to Easy Fraud --- if the link expired, our cache is located: (here)
"'We found some stunning, stunning flaws,' said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins University, who led a team that examined the software from Diebold Election Systems, which has about 33,000 voting machines operating in the United States."
"The systems, in which voters are given computer-chip-bearing smart cards to operate the machines, could be tricked by anyone with $100 worth of computer equipment, said Adam Stubblefield, a co-author of the paper."
"A spokesman for Diebold, Joe Richardson, said the company could not comment in detail until it had seen the full report. He said that the software on the site was 'about a year old' and that 'if there were problems with it, the code could have been rectified or changed' since then. The company, he said, puts its software through rigorous testing.
You will hear much more about this story in the weeks and months to come.
UPDATES:
Md. Voting System's Security Challenged -- Electronic Cheating Too Easy, Study Says
By Brigid Schulte, Washington Post Staff Writer, Friday, July 25, 2003; Page B01, (here)
A touch-screen voting system that Maryland has just agreed to buy for $55 million and install in every precinct in the state is so flawed that a 15-year-old with a modicum of computer savvy could manipulate the system and change the outcome of an election, computer scientists at Johns Hopkins University said yesterday.
An analysis by the Information Security Institute suggests that voters could cast their ballots repeatedly and poll workers could tamper with the ballots -- all without detection -- on the system, which is already in place in several states.

Voting Machine Study Divides Md. Officials, Experts

By Brigid Schulte, Washington Post Staff Writer, Saturday, July 26, 2003, (here)
For some in Maryland, the report yesterday by Johns Hopkins University computer security experts that electronic voting machines could easily be hacked into set off alarm bells. But for others, including the state officials who recently signed a $55.6 million agreement to put the units in every voting precinct by March, the report is one more example of "technological hysteria."
"The study should be setting off alarm bells," said Del. William A. Bronrott (D-Montgomery). "We need to be 100 percent sure that there is no chance that our machines can be tampered with."

The Theft of Your Vote Is Just a Chip Away
By Thom Hartmann, AlterNet, July 30, 2003, (here)
Are computerized voting machines a wide-open back door to massive voting fraud? The discussion has moved from the Internet to CNN, to UK newspapers, and the pages of The New York Times. People are cautiously beginning to connect the dots, and the picture that seems to be emerging is troubling.

Jolted Over Electronic Voting -- Report's Security Warning Shakes Some States' Trust
By Brigid Schulte, Washington Post Staff Writer, Monday, August 11, 2003; Page A01, (here)
The Virginia State Board of Elections had a seemingly simple task before it: Certify an upgrade to the state's electronic voting machines. But with a recent report by Johns Hopkins University computer scientists warning that the system's software could easily be hacked into and election results tampered with, the once perfunctory vote now seemed to carry the weight of democracy and the people's trust along with it.

Study raises concerns as states rush to buy electronic voting machines
BY Erika D. Smith, Akron Beacon Journal, Monday August 18, 2003, (here)
AKRON, Ohio - It was just an obscure Internet portal tucked in one corner of the Web. With a black background and blue writing, it wasn't much to look at - on the surface anyway. Truth is, the Global Election Systems' Web site was a Pandora's box of controversy just waiting to happen. And it did happen - exposing Global's new owner, Green, Ohio-based Diebold Inc., to a new level of scrutiny. Now Diebold, and perhaps the whole electronic-voting industry, could pay the price. And it all started with a simple Web site. That site, which Diebold took over with Global in 2002, contained thousands of sensitive files on the hardware and proprietary software of Diebold's touch-screen voting system, said Bev Harris, a publicist turned e-voting opponent.

RESOURCES:

Electronic Voting
Description: Voting expert Rebecca Mercuri's website, with papers on the subject, and many articles and websites... (here)

Black Box Voting: Ballot - Tampering in the 21st Century
Communities all across America are purchasing electronic voting (e-voting) machines, but there are serious security issues with the technology that aren't ... (here)

Vote Scam .Com
The definitive site for information on systemic vote rigging in America. Indispensible for research on computerized voting machine fraud, corporate election fraud, and the role of the media in manipulating vote results. (here)

Florida is ready for 2004 !   (humor)

38 posted on 08/27/2003 7:28:25 PM PDT by vannrox (The Preamble to the Bill of Rights - without it, our Bill of Rights is meaningless!)
[ Post Reply | Private Reply | To 12 | View Replies]

To: GulliverSwift

Md. Voting System's Security Challenged


Electronic Cheating Too Easy, Study Says


By Brigid Schulte
Washington Post Staff Writer
Friday, July 25, 2003; Page B01

Exerpt....

"...A touch-screen voting system that Maryland has just agreed to buy for $55 million and install in every precinct in the state is so flawed that a 15-year-old with a modicum of computer savvy could manipulate the system and change the outcome of an election, computer scientists at Johns Hopkins University said yesterday..."

"...An analysis by the Information Security Institute suggests that voters could cast their ballots repeatedly and poll workers could tamper with the ballots -- all without detection -- on the system, which is already in place in several states..."

"Is it responsible to let people vote when they know the machines can be compromised?" said Avi Rubin, technical director of the Baltimore-based institute. "What the state of Maryland needs to do is to realize they purchased something that didn't work and ask for their money back." The machine's manufacturer, Diebold Election Systems, defended the integrity of election results and dismissed the report's findings as the concerns of those who spend too much time in the ivory tower.
39 posted on 08/27/2003 7:32:00 PM PDT by vannrox (The Preamble to the Bill of Rights - without it, our Bill of Rights is meaningless!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: supercat
At first blush it sounds interesting... but I don't see that the investment in a lot of electronic equipment to register votes is necessary. For instance... will the printers be locked machines that can only be serviced by "authorized employees?" If so, who can certify that the same kind of ink is used to print all of the marks on a machine printed scan card?

I understand the desire to introduce technology into the process; I just don't think the current setup which uses machines running "proprietary software" that is not subjected to peer review is suitable for use. I've got 30+ years in the computer field, and I know what they can do, but I'm not comfortable with the fancy voting machines being introduced today. Unfortunately, politics is a dirty business, and we should use voting and tabulation techniques that make it as difficult as possible to manipulate the results.

Just my $0.02.

40 posted on 08/27/2003 7:33:52 PM PDT by ken in texas
[ Post Reply | Private Reply | To 30 | View Replies]

To: ken in texas
At first blush it sounds interesting... but I don't see that the investment in a lot of electronic equipment to register votes is necessary.

One of the claimed advantage of DRE machines is that they can be used by blind or otherwise disabled voters. What I'd like to see would be to use optical-scan ballots and have a means by which disabled people could use them, rather than using DRE machines.

41 posted on 08/27/2003 7:40:46 PM PDT by supercat (TAG--you're it!)
[ Post Reply | Private Reply | To 40 | View Replies]

To: ken in texas
I'm with you buddy... I like the personal touch in voting, and I don't care if it takes multiple hours to tally the votes. The audit trail is critical.

Me, too. The first thing to go electronic should be ID-checking. (which we can't do in CA)

We've been using punch cards, so I've never seen a lever-based system. Scantron-type optical ballots could be better than the punch cards, since one couldn't punch a stack of ballots with simply a nail, and since Scantrons could accommodate a large number of candidates like on our recall ballot. Also, we wouldn't have the ACLU complain about minorities not knowing where or how to vote with new-fangled technology, since elementary school children have no problem using scantron-type forms on their standardized tests.

42 posted on 08/28/2003 4:32:48 AM PDT by heleny
[ Post Reply | Private Reply | To 28 | View Replies]

To: altayann
I have to admit, I really find it difficult to believe that it actually uses MS Access to store data.

Looks to me like it is harvesting the Access data from some other database and using Access to generate reports.

Still a very bad idea.

I like Access for small, non-critical projects with three or four simultaneous users, but that's it. It is not secure, and it is definitely not stable enough for this sort of application.

43 posted on 08/28/2003 6:03:45 AM PDT by E. Pluribus Unum (Drug prohibition laws help support terrorism.)
[ Post Reply | Private Reply | To 20 | View Replies]

To: vannrox
http://www.freerepublic.com/focus/f-news/917449/posts

Volunteer to your party to help your town or city check for election fraud; call your party Hq. today and offer to help. You are especially needed if you have expertise in computers – each state will have to decide on the use of electronic voting but whatever the method used, volunteer help is needed now.

Clinton and fraud are synonymous.

44 posted on 08/28/2003 8:37:10 AM PDT by yoe
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
http://www.freerepublic.com/focus/f-news/917449/posts

Volunteer to your party to help your town or city check for election fraud; call your party Hq. today and offer to help. You are especially needed if you have expertise in computers – each state will have to decide on the use of electronic voting but whatever the method used, volunteer help is needed now.

Clinton and fraud are synonymous.

45 posted on 08/28/2003 8:37:12 AM PDT by yoe
[ Post Reply | Private Reply | To 1 | View Replies]

Comment #46 Removed by Moderator

To: vannrox
bttt for later
47 posted on 08/28/2003 9:41:35 AM PDT by boxerblues (God Bless the 101st, stay safe, stay alert and watch your backs)
[ Post Reply | Private Reply | To 1 | View Replies]

To: vannrox
This thread is more important than watergate-kudos to vannrox for posting it ....I've been following this fraud situation for some time...good to see it here....also check my thread on wally O'Dell (CEO Diebold) boasting on how he''ll deliver Ohio to the president.


Secret Meetings of the Black Box Yakuza-article by David Allen (Daves comments in{ } )

"We just didn’t want a document floating around saying the election industry is in trouble, so they decided to put together a lobbying campaign.”

- Harris Miller, ITAA

At 11:30 today, a phone conference took place with a who's who of the Black Box Voting industry. The purpose of the call was to explore hiring ITAA to lobby on behalf of the now besieged industry.

Invitations were sent out, along with an agenda (this is a PDF file, and contains my comments. Click on the note icon for my comments, the original text is unaltered).

Typical for this industry, security was non-existant and I managed to join the conference (by dialing the number and using the passcode, provided to me by a sympathetic insider who didn't attend. ) I used my own name when I introduced myself to the rest of the conference, then I sat for an hour and took notes.

Please excuse punctuation errors, I am hurrying to get this up. Also, in transcribing my notes, I am trying to keep as true to what they said as possible, including grammar and pauses.

_Notes of Conference Call between ITAA and Black Box Voting Industry_

{The meeting appears to have been set up with the help of R. Doug Lewis (The Election Center) and Hart Intercivic (a voting machine company). }

{Lewis drones on about this being a long time coming and the need for the industry to speak with one voice. }

{Let me quote from the Election Center's web site: }

{" The Election Center is a nonprofit organization dedicated to promoting, preserving, and improving democracy. Its members are government employees whose profession is to serve in voter registration and elections administration." }

{It seems to me that colluding with for profit companies and helping them hire a lobbying firm is not in the spirit of this organization's charter.}

Harris Miller (ITAA) Gives the intro spiel about the company and how it can help the industry "stave off short-term attacks" from academics and "activists".

{Apparently a meeting was held in Florida last week to discuss how to broaden the base of support for e-voting (I think the meeting was between ITAA and R. Doug Lewis). }

A question is asked about how ITAA can help the industry speak with one voice. Harris explains about helping them establish certification standards and coming to the defense of a company under attack. He then adds, jokingly (I think) "unless you want use your knives on him as well."

He also touches on the need to establish a "blue ribbon" panel which could help refute problems like Diebold is currently having.

{I assume this blue ribbon panel will fill the same role for the BBV (black box voting) industry that the Tobacco Institute filled for the tobacco industry. }

{Interesting to note that I heard not a peep from Diebold the whole call. Smart boys. }

Unknown individual (AccuPoll?) asked about whether the lobby would be addressing internet voting, which was a train wreck waiting to happen. ITAA said it was not on the agenda.

{Good! }

ITAA said that they could help get critics "on our side" but admitted that some critics are unappeasable.

{Why thank you! }

ITAA felt the industry should help create its own credebility by setting high standards.

{The highest standards in the world are meaningless if the code is secret. }

Efforts must be made to get academics "on our side".

Working with NIST (National Institute of Standards and Technology) is desirable, however, if NIST mandated an oversite committee chaired by David Dill (a respected industry critic), ITAA assumed no one would want to play.

ITAA suggested “re-engineering” the certification process to make the industry the “gold standard” so they can eliminate “side attacks you are subject to now from people who are not credible as well as people who are somewhat credible.”

{Notice they don't see such a thing as a credible critic.}

Question: Would the existing Elections Systems Task Force be reconstituted or reformatted in any way?

Answer: They have been more focused on the HAVA (Help America Vote Act) legislation but would be interested in meeting with this group. (The major companies involved are Northrop-Grumman, Lockheed-Martin, Accenture and EDS.)

{Gee, did you know that major defense contractors are involved in our elections?}

The Election Systems Task Force’s “goal was very limited. They just wanted to get the legislation HAVA enacted and to create more business opportunities for them as integrators. Their agenda was “how do we get congress to fund a move to electronic voting?”

R. Doug Lewis (Head of Election Center) suggested that ITAA draft a legal brief to address the concerns of possible anti-trust ramifications so that members of the new group would know what they could and could not do. ITAA concurred and said it would do so at the first meeting of the new group.

David (ITAA) asked for views on the memorandum.

MicroVote asked what would happen if a non-member got into trouble over some issue such as security, would the Blue Ribbon Task Force remain mute or would it turn into “a loose star chamber where you have commenting vendors commenting on another vendor’s situation?”

Harris (ITAA): Normally we would not comment on a non-members situation, it wouldn’t be appropriate. “Unless the industry came to the conclusion that it was negatively impacting the entire industry.” In which case we say we can’t comment on company “x” and we reiterate our standards and code of ethics that our coalition adheres to.

Any group who gets in trouble would hopefully join us to get out of trouble.

{This seems to provide great incentive for ITAA to rat out a "non-member" if they had dirt on them. }

Accenture (Mark) brought up the point that self-certification will be a “tough sell” to the public. We can’t win the PR battle if ITAA tries to do an ITA’s (independent testing authority) job.

“But I do think it is very important that the industry be more aggressive and more coordinated in the way that it gives input to the ITA (Independent Testing Authority) process and the people who control the ITA process. They’ve solicited that input in the past and I don’t feel the industry has done a particularly good job of providing that input. And this is something I feel this industry can be a real conduit for.”

{So, our independent testing authorities should not be allowed to be TOO independent. }

ITAA agreed that they wouldn’t be involved in an ITA-like certification process. They would help to improve the process by “bringing in people to re-engineer it. But it shouldn’t be ITAA itself doing the certification.”

{Yep, no independence for the ITA's if they can help it.}

ITAA moves that the goals and “deliverables” are agreed to.

{"Deliverables" is doublespeak for "lobbiest services". }

An objection is raised that all the goals are NOT agreed to.

Unknown: “I see no lobbying effort here and secondly I don’t think we have, as a group, set down and defined what we want before we run off and subscribe to the ITAA process.”

{The ITAA does want there money by the 29th. }

“We should sit down face-to-face before we spend $150,000 and determine what we want as a group.”

Someone felt this was a fair question, but pointed out that no one was committing to ITAA as a consequence of this meeting.

Chet from AccuPoll: “Absolutely lobbying is an essential element for this industry.”

Harris (ITAA): “We were too subtle by half. Our #4 goal, “develop liaisons with key constituencies” is a nice word for lobbying. We just didn’t want a document floating around saying the election industry is in trouble, so they decided to put together a lobbying campaign.”

{Harris then goes on to boast about his lobbying experience.}

“My background is I worked on Capitol Hill for ten years and ran a lobbying firm for ten years, before I took over here in ’95. A third of my staff has direct public policy experience working on Capitol Hill. We are the most quoted IT trade association in Washington, etc, etc. I can give you all the bona fides if you want them.

I just don’t like to put it in writing because if this thing winds up in the press somewhere, inadvertently, I don’t want the story saying the e-voting industry is in trouble and decided to hire a lobbying firm to take care of their problem for them.”

{Yeah, that would be embarrassing, especially since the voting machine industry is in trouble and has hired a lobbying firm to take care of their problem for them. }

R. Doug Lewis: “The truth of the matter is you’re not on the same side of the issues when it comes to what you would lobby for.”

“Some of you have a vested economic interest that it should get lobbied one way versus another.”

“One of the things that you ought to do is at least employ ITAA to draft a legal memorandum that says under what conditions you guys can meet together... and pay them for that... and maybe even pay them for hosting this sitdown that you want to do to figure out your interests. Then make your determinations on whether you want to go forward with a specific proposal. ”

ITAA (Harris?): You don’t even have to pay us for it... and I appreciate Doug... you are trying to look after my checkbook.

Doug: Laughter

ITAA: I’m willing to come to a meeting wherever and have a couple of staff people come down, and eat a couple of grand to do that. I won’t do a hundred page legal memo.

Unknown person: “Clearly one of the themes going around is related to collusion among industry sources, so any meeting of all the players is, by definition... unfortunately taken by some people as not a constructive exercise, but one of negative exercise. So, it would probably be best as Doug suggested, that it would be better that we pay you to do that.”

{Isn't it just like us to suspect collusion when innocent industry players get together to rig the game?}

Harris: “Okay.”

Unknown: "That way, no one would perceive you weren’t an independent body."

{As opposed to a hired gun.}

Harris: “Okay.”

Lewis: “In that regard, other than helping you get set up and acquainted with each other and willing to start this process, while we are still in the quasi-regulatory phase...although the Election Center has no judgements it can issue in any way, shape or form on this... the Election Center is going to need to bow out of this also. We’ll be glad to talk to you about any thing you want to talk about, and be a sounding board, but in terms of your organization and discussion of industry issues, we are probably best not being involved in that.... at least until we are no longer the place where we do work for NASED (National Association of State Elections Directors).”


Discussions of how the BBV task force would be governed. Decisions would not be reviewed by the ITAA board except in two circumstances:

1) It was completely opposed to something ITAA stood for. "For example if you came out and said Security is completely irrelevant to IT work. That is so fundamentally opposed to our views that it would have to go up the ladder before you could release a statement like that."

2) If there was a major division in the task force about an issue becoming ITAA policy, which rarely happens.

Emmett (Freeman?) Accenture: “In terms of the task force responding to media inquiry, does the task force handle that role, where someone becomes a spokesman for the group? If so, who does it?”

Harris: “The answer is ITAA, it usually goes out over my name, but we could add other companies if you wish. Let’s assume we wanted to respond to some attack... assume another academic came out and said something against one particular company and the task force wanted to respond. The task force would put out a statement, ‘Harris Miller, on behalf of ITAA, says this is BS’... we would also invite other members of the task force to put in comments if they want... normally the first person to put in a comment would be the chairman and other companies would have a chance to comment, blah, blah.. and be included in the press release.”

Emmett: “So, that’s the kind of protocol you have to deal with public debate.”

Harris: “Similarly, when we get press calls and the press says ‘Joe Academic says your industry’s full of crap and doesn’t know what it is doing.’ What do you say Harris? The reporters always want to know what are the companies saying?.. And there can be two scenarios there: The companies may want to hide behind me, they don’t want to say anything... frequently that happens in a trade association, you don’t want to talk about the issues as individual companies. We have that issue right now with the Buy America Act, for example in congress. No company wants to act like it’s against Buy America -- even though they’re all against it – so I take all the heat for them.

{Gee, some of ITAA's clients are going to be pissed when they read this. }

The other alternative is they say sure, my company wants to talk to them, my CEO, my PR director, whatever, I’ll send them over. Our PR people know this. We never give out the name of a company member unless we know the company wants to talk.”

Emmett: “All of that seems... like currently useful for dealing with this kind of situation we’ve seen lately. It would be a big help.”


Proposal to have another conference call next Thursday at the same time, absent ITAA, so they can discuss what the whether to hire ITAA or not.

Tracy Graham: Question about the cost on “deliverables” Was that a per member cost, or total cost?

ITAA: Total cost.

Request for how annual dues are calculated (they range from $600-$44K, depending on a company’s sales. "Deliverables" will cost up to $200,000+).

There are dues and project costs. Everyone pays dues, project costs are split amongst the members of the task force as they see fit.

Discussion of fees and what is covered. Harris explains that the fees depend on what is done. If a “Blue Ribbon” panel is needed, then fees must be allocated to compensate the panel members.

“You would have to pay for some meeting time, for these blue ribbon people, you might have to pay them a fee... a minimal fee to attend a meeting.”

Tracy Graham: “We must have a proactive strategy at this time to improve the overall perception in the industry, so we are absolutely supportive of this type of forum and action on behalf of the industry.”

Jack (Gerbel?) Unilect: “We agree as well, with what Tracy said. This is very necessary to do.”

Adjournment.

{And that, my friends, was a peek at our democracy being sold down the river.}

48 posted on 08/28/2003 5:10:35 PM PDT by angel12
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson