Electronic Voting Machines: Oooof! Here’s proof

This info may have been posted somewhere on DU already, its hard to keep up with all the posts in all the forums. Bev Harris has been doing a bang up job in keeping us update with black box voting as well. So I offer this up to anyone who may have missed it, its a very good read!

Snip>
NEW, from the Diebold files MORE: http://www.blackboxvoting.org/JimMarch.htm

3:31 p.m., five hours before poll closing: Diebold voting machines “CALLED HOME”

What happened at 3:31 p.m. on election day in San Luis Obispo County California? A file from the Diebold stash examined by Jim March, of Alameda County California, turns out to be from a real election, and it contains real votes. And it also contains a real problem for Diebold, because it is illegal to count the votes before the polls close. Even more interesting: What mechanism was used to get votes to migrate from 57 polling places into a central tally in the middle of the afternoon?

Activist Jim March put the files on a NEW web site containing a selection of the Diebold files, designed so that you can create a demo CD and personally demonstrate the security flaws to reporters and your local election officials: http://www.equalccw.com/dieboldtestnotes.html Says March to Diebold: “You are cordially invited to bite me. Bring it on. Make my day!” (See a “Why Diebold isn’t going to sue me" below.)

For some reason, the Diebold optical scan machines in 57 precincts simultaneously had an E.T. moment. They “called home” with election results while the election was still in progress, summing up the votes in 57 precincts, then tagged the file to a Diebold employee and placed it on a Diebold company web site. <snip

http://www.whoseflorida.com/misc_pages/e-votes_ooof_heres_proof.htm

:kick:

There are far more realistic scenarios, all of 'em innocent.

GEMS has the capability of getting precinct counts in the middle of election day - it's a documented feature.

see something here that I am missing. Please educate me.

"GEMS put the software on the ftp server?" - I see no reference to this concept in any of the linked articles in this post. This makes me wonder why you would raise this question and then claim unstated answers to it, all innocent. What the article does discuss is the transfer of data, not software. Not understanding the difference between software and data is understandably common among people who do not work in or study this field. If you read the linked articles, and if you think they refer to "GEMS put the software on the ftp server", then, no offense, but you may need to hone your technical chops and then return to this subject. Or if you simply mistyped, then please let me know what your intended thought was.

"GEMS has the capability of getting precinct counts in the middle of election day - it's a documented feature." - I guess this could be another mistyping or something, because, again, you seem to be confusing the nature of the claim. If I understand correctly what I have read, the "documented feature" you mention relevant to precinct counts is discussed and analyzed in the linked article. I am perplexed that you seem to cite it in your post as somehow explanatory, elucidating or exculpatory. What do you mean?

One certainty is that you do not mean that Diebold manuals or other Diebold materials document the fact that Diebold itself can clandestinely transfer real-time election data to the Diebold company's computers, or by implication, transfer this data anywhere they please.

I am sitting about sixty miles from where three US citizens were murdered, in the most brutal way, by their local government because they were helping fellow US citizens register to vote.

So I am touchy on this subject. I want you to either tell me you are a confused, well-meaning amateur, or explain to me what I have misunderstood about this issue.

and have similar experiences. So please keep a civil tone.

I was referring to this excerpt

They “called home” with election results while the election was still in progress, summing up the votes in 57 precincts, then tagged the file to a Diebold employee and placed it on a Diebold company web site.

Now, that's not a technical explanation, is it? It describes functionality you or I could theoretically code, but which we could not practically hide in an application that was inspected before state certification.

who has access to that site. If the Republican (or Democratic) party had access to that site, it could be of some use in figuring out where they should put their resources, or the 'voter' with a bogus smart card. the transmission and display of that data is a serious breach of security.

The more eyes and ears having access to data, the less secure that data.

That means a corruption of election officials that has nothing to do with the method of polling. But candidates have their own informal means of canvassing on election day - the only scandal here would be if the file were manually manipulated and again, that requires a scenario in which the entire office is enlisted in the conspiracy: the GEMS machine is not networked and is kept physically secure.

Perhaps because it's such a freakin' joke.

http://www.blackboxvoting.com/modules.php?name=News&file=article&sid=1
Dr. Williams, says Michael Barnes (Georgia Secretary of State's Office, his interview also appears on this page) is the man who certifies voting machines for the state of Georgia.

Professor Emeritus - CSIS Dept, Kennesaw State College - Kennesaw, Georgia

Harris: "I have questions regarding your certification of the machines used in Georgia during the last election."

Dr. Williams: "For the state of Georgia — I don't do certification. The law gives the Secretary of State the authority to say what systems are certified and what are not. What I do is an evaluation of the system. The FEC publishes standards for voting systems. We have national labs that examine for compliance with FEC and if they are in compliance, certification is issued by NASED. Once that's done it's brought into the state and I evaluate them as to whether or not they comply with any state laws. Then we look at ease of installation and operation. Then I prepare a report to the Secretary of State, essentially stating whether or not the system is in compliance with Georgia rules and regulations. Then the Secretary of State takes that report, in combination with the others, and certifies it."

Harris: "What was your involvement in certifying the program patch that was put on? Did you actually certify the patch, or did you determine that it was not necessary?"

Dr. Williams: "Part of our testing program is when these machines are delivered we look at the machines and see that they comply. And in the process of doing that — representatives of Kennesaw University did this — we found about 4-5% of the machines were rejected, not all because of screen freezes but that was one of the problems."

Harris: "It was the screen freezes that caused them to issue a program patch?"

Dr. Williams: "Yes. The vendor created a patch addressing the screen freezing. It made it better but didn't completely alleviate the problem."

Harris: "Did you do a line by line examination of the original source code?"

Dr. Williams: "For the original — no. We don't look at the source code anyway, that's something done by the federal ITAs."

more

-------

and from Gordon25, one of the authors of the Pima County Report (http://www.pimademocrats.org/votingreport/votingintegrity.htm ):
http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=154804#158470

Ciber, Inc. is the only company in existence willing to certify software since the court decision making the software source code a trade secret. Ciber, Inc. claims the means it uses to test the software to ensure it meets NASED standards are trade secrets. Therefore, not only can we not see the code ourselves, we are not even allowed to know how the software is tested to be certified.

The Rubin and Harris reports, aside from raising serious questions about the software, also raise extremely serious questions about the certification process. Diebold, Inc., and Ciber, Inc. have essentially just been saying trust us. The code meets certification standards because we say it does. Now, with these two reports, we find security flaws in the source code so egregious as to defy explanation.

One example. In the Harris report one of its most shocking findings was that the GEMS vote counting software had within it an extraneous utility program, unrelated to vote counting, which allowed the time/date stamp audit trail to be altered without leaving a trace. The audit trail, required by even simple basic programming security protocol, automatically records with a time/date stamp every entry into program or data files, and any changes made. This audit trail is touted by Diebold as the safety feature which can assure election officials the system is safe and untampered with. The inclusion of a program which allows alteration of that audit trail, and erasure of any evidence of the alteration, cannot be explained away as programming negligence or sloppy security. It’s presence is a huge red flag, and could understandably be seen as circumstantial evidence of an intent to defraud.

Perhaps more importantly, Ciber, Inc. is on record as saying that their certification process entails a line by line examination of the source code. If that was done, how is it possible they did not find this audit trail alteration utility program and demand its removal before certification?

Again, this is a failure of such magnitude it can not be explained away as negligence or sloppy code examination. Such an explanation is tantamount to an admission that the company is not fit to be a certifier of something as terribly important as the software used to count our votes.

----

Did I say joke? I think National Certification is a SCAM. And if Georgia is any indication, State Certification is both a joke and a scam.

Eloriel

But thank you for the detail that the federal ITAs examine the code.

Yes, the system needs re-examination. But examining the code has nothing to do with a file modification utility, which anyone with malicious intent can obtain on their own.

Fredda -- Once again, for the umpteenth time, I will ask you a question you have repeatedly failed to answer.

How can the inclusion of code allowing the time-date stamp audit trail in the GEMS software to be modified without leaving a trace be excused as sloppy programming or coding oversight? Would you not agree its presence is reason enough for the software to be decertified?

The audit trail feature is theoretically there to prove the integrity of the data collected and manipulated by the program and to ensure that no unauthorized alteration of the data has occurred.

And how is it that a line by line examination of the source code during the certification process didn't find this anomaly and demand it's correction prior to certification?

And finally, couldn't it's presence just possibly, maybe, on the off chance, indicate circumstantial evidence of an intent to defraud? Remember, before you reply, the definition of circumstantial evidence: "Law. Evidence not bearing directly on the fact in dispute (i.e., whether or not there is an intent to defraud), but on various attendant circumstances from which the judge or jury might infer the occurance of the fact in dispute." (The New American Heritage Dictionary of the English Language; Houghton Mifflin Co.; page 244).

Will you answer this time?

Gordon25

and you are no longer talking about transfering software, or clandestine Diebold access during an election being a documented feature, fine.

Re: your excerpt - A technical explanation would naturally be many pages of acronymic gobbleddygook useless to most readers, so I don't think the excerpt is so intended. The idea it states, and implied functionality, seems to be supported by the facts on the ground, by which I mean the actual data that has been analyzed, as opposed to psuedo-code.

"could not practically hide in an application that was inspected before state certification" - I have zero doubt that I (and certainly others) can "hide" a simple "function" in the executable code of a substantial application, so that it is detectable only by the most arduous, byte-by-byte hex examination performed by highly skilled and lucky analysts working for a very long time. Even using standard, off-the-shelf compilers. I have done this often and routinely for security purposes in my company's proprietary software, and no breach has yet occurred over many years and billions of transactions, despite multiple, documented attempts. I doubt seriously that the inspection and certification process comes even close to the low-level investigation required to detect such. I'll bet they don't even disassemble this code each time they inspect, or perform random spot audits comparing precinct code to certified code, but would be glad to hear they do if anyone knows.

And exactly what code is inspected and what code is run seems to be a troublesome issue with Diebold. A real serious "version control" problem, no?

Mark Crispin Miller
Greg Palast
Joe Conason
Denis Wright
Pluto Press
Bev Harris
Will Pitt
Jason Leopold
Tamara Baker
Thom Hartmann
Martin Heldt ( http://awolbush.com )
Bev Conover ( http://onlinejournal.com )
Alastair Thompson ( http://www.scoop.co.nz )

A.: They're all progressive!

Q.: And who do they hate more than anyone else?

A.: Why the Conservatives of course!

Q.: What else do they all have in common?

A.: :evilgrin: Folks! Don't feed the TROLLS! Some of them bite.

This public service announcement brought to you by People for Human Auditable Elections. :)

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=269727


I am locking this one.

NYer99
DU Moderator