Diebold GEMS tabulator software--does it violate HAVA?

MY QUESTION IS--DOES THE SECURITY FLAW IN THE DIEBOLD GEMS SOFTWARE VIOLATE THE HAVA ACT and could the tabulators be immediately decertified on this basis?

BACKGROUND:

By now everyone in this forum is probably aware of the "DIEB-THROAT" story at www.BradBlog.com concerning the backdoor vulnerability in Diebold GEMS tabulator software--allowing a hacker to manipulate votes directly without leaving a trail. (The audit log can also be altered, as I understand it). WHAT THIS MEANS is that the GEMS tabulators don't even have a password-protected database that is encrypted--anyone can look directly at vote totals via the backdoor. In no way does this meet any sort of basic security standards. Although Bev Harris and Andy Stephenson did initially point out this vulnerability in 2004 and their finding was published on a US-CERT Cyber Security Bulletin (Sept 1 through 9, 2004), the "inside source" at Diebold confirms that the company had NO intention of fixing the problem and in fact discouraged technicians from questioning the flaw. Diebold seems to be guilty of willful negligence and fraudulent misrespresentation to state elections boards. There has been no attempt to fix this flaw by the company. I'm not a lawyer, but it seems to me the Diebold company is liable.

Here's the discussion initiated by Brad at DU in GD on Thursday Sept 15: http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=104&topic_id=4782407&mesg_id=4782407

"Bradblog Exclusive! A Diebold Insider Speaks!"
(excerpt) "A branch of the U.S. Department of Homeland Security Department issued a "Cyber Alert" about the security vulnerability prior to the (2004) election and, our source tells us, "Diebold's upper management was aware of it...but did nothing to correct it."...

------------------------
This report on the National Ballot Integrity Project website also provides some background:
"Electronic Voting--Critical Issues, Critical Risks"
by Joan B. Krawitz
http://www.ballotintegrity.org
Email: taskforce@ballotintegrity.org • Phone: 847-869-5025

The way they wanted us too.

Thanks MG.
:kick:

In the DU discussion on Brad's post (link above), RallyInDC says:

"this is it. this is the beginning of the end......for THEM....
this is hard-copy information we can give to every city official, and force them to de-certify these machine programs because they have violated HAVA.

its a legal issue now....that anyone can bring to court.

what a better time than to blast the whole area....and make sure they start removing these trojan horses! http://verifiedvoting.org /

now what we need, what we must have is someone coming forward who manipulated the totals....and soon....

if we get that, then we can force the democrats and others to shut congress down until the VERIFIED PAPER BILL IS PASSED.....and we will get it passed, and then boom........down goes the crooked election diebold and his cronies."

I would assume someone knows the answer to this. It could be very important.

Title 1 disburses money to replace older punch card and lever voting machines

Title 3 disburses money to purchase voting equipment that is handicapped accessible



HAVA additionally deals with voter registration, Military voting, money for wheelchair ramps at polling places, and a few other odds & ends.

HAVA does not deal with any security issues.

system requirements. Remember the voting SYSTEM includes everything, and the term "SYSTEM" is actually defined in HAVA. It's not just the DRE.
Might be worth another read with that in mind.

And I'll say it once again:

This hack only screws up tabulator totals. A canvass of the precincts would find it right away. It's LAME, but there are other possibilities that are easier to hide.

I think that's why Holt's HR550 tries to address it.

IS THERE already in place in the states--an independent procedure to count precinct votes and compare them to central tabulator votes? OR does the tabulator vote always stand as the final without question? IF SO, then it would not be so lame to have altered votes that way in the last election. Not lame at all.

Maybe somebody who has been on the ground in Ohio knows the answer to this question.

Sorry if this is re-hashing old ground, bill bored. I'm trying to understand the legal responsibilities of a company that deliberately manufactures a computer product which invites illegal
tampering without a trace. What can be deduced about a company that does nothing to correct this flaw before an election, nor afterward?

I'm more interested in the legalities of what has already been done rather than the potential for abuse in asking this question about HAVA. But I would be interested in your "other possibilities that are easier to hide," if they were operational during the last election.

Here's how they could get out of it:

They could simply recommend that a precinct canvass be done before announcing official results. Case closed. Now do they do this in their literature and do the states actually do it? I'm not sure. I have seen them mention it in response to criticism though. And in the famous Howard Dean/Bev Harris video, Kevin Shelley said they do it in his state. This takes a lot of wind out of the fraud sails because there's a solution that puts the onus on someone else other than Diebold.

But there are other hacks more dangerous than this that must be revealed. Maybe Dieb Throat will do that.

DID Diebold make this recommendation, and DID states follow it?

--Sounds like they did possibly do this "precinct-canvassing" in California--but in how many other states?

--How confident do we feel about the results in CA as opposed to other states? Does CA provide a successful example of precinct verification that can override the central tabulator totals?

--In ANY state, is there a mechanism for dealing immediately with a discrepancy between the precinct canvass and the tabulator totals?

*******
Oh I'm sure there are other more dangerous hacks. But this seems to be a very obvious one that has been known for awhile (obviously before the last election) and is useful in that it would seem to have been baby simple to pull off during the last election, when it was only necessary to alter a small number of state totals.

If we let them get away with THIS easy hack, then what precedent does that set for the use of more dangerous ones?

because I can't figure out how we can deal with the very people(VOTE STEALING MACHINE MAKERS) who were responsible for getting the people into office who left Americans to DIE in the streets of NO?

PAPER BALLOTS HAND COUNTED BY THE PEOPLE no more bullshit.

could trigger a recount wherever DREs and/or paper ballots tabulated by optiscans are used...

the vote stealing machines in the first place, if we have to run parallel elections to protect our vote?

How do you fund and get people to participate in parallel elections
when it's hard enough getting them to participate in any elections? The only way I could see that working is if elections were mandatory.

And why is it NOT necessary for Canada and other countries to hold parallel elections? How would parallel elections work any better than independent random hand-counts (along with independent exit polling) as a safeguard? You can extrapolate whether vote counting is accurate without literally duplicating EVERY vote.

<http://uscountvotes.org/ucvAnalysis/US/paper-audits/Paper_Audits.pdf>

"It is not enough to to require voter-verifiable paper records of ballots. The paper records must be easily and "independently" auditable and routinely audited by persons other than the voting machine vendor or other insiders within the election system."

--Certainly this sounds good in theory, but I think it only works well if auditing happens at a large number of precincts, preferably all precincts. And how is the auditing carried out, by machine or by hand?

Precinct auditing addresses ONLY the validity of the precinct totals--it does not address the issues of discrepancy between the
precinct totals and the central tabulator totals. That would seem to require an independent tallying of ALL precinct totals together, comparing them with central tabulator totals. Which could be done if precinct totals were extremely accurate.

In fact why buy the most expensive voting system possible-- then put VVPB printers on it-- to print a paper ballot-- when we could start with a paper ballot and scan the ballot with an optical scanner. Optical scanners are cheaper to buy & operate, they are 10 times faster & are recognized in the industry as the most accurate voting system. Nationwide, studies have been done that show rates of ballot spoilage by voting system. Typically spoilage rates, or undervote rates, break down by voting machine type. The undervote rate for Optical scanners is about 0.5%. Lever voting: 1.0%, Punchcard voting 2.0%. Recent studies of New Mexico and Pennsylvania show under vote rates of touchscreen voting systems as high as 15% to 20%, with typical undervote rates around 7% to 10%

at the end of the night--- a results cartridge is removed from the DRE and plugged into the tabulator-- which tabulates the votes--- this total is sent via a modem as the "unoffical results".
Sequoia says in its literature that you should never send official data via a modem.
Yet typically the official state level results are tabulated from these precinct level "unofficial results".

If no one at the precinct level ever checks the state posted results--- one wouldnt know if the precinct level official results jive with the state -- OFFICIAL RESULTS---

The machines should be removed instead. Nobody should be using the Diebold tabulators or Sequoia if it can be proven they aren't verifiable.

There should be NO reason at all to have to do parallel elections, if the machine is verifiable and open-audit. Like the AutoMark system and similar secure systems for voting.

AutoMark isn't fool-proof either. It has removeable flash memory cards
that can contain malicious code potentially (e.g. they can be programmed to cause the machine to overheat, etc.). Plus it's really expensive and is expected to only last 5 yrs.

Machines with open source code can still have malicious code installed in firmware. Certification is not done for each individual machine.

You're right, there should be NO reason to have to conduct parallel elections...and in a hunky dory world, there should be NO reason to have an election protection movement or a DU, or locks on doors ...

The alert is for the Diebold GEMS central tabulator, versions 1.17.17 and 1.18

Posted at the United States Computer Emergency Readiness Team site, in a Cyber Security Bulletin. They describe the risk as "medium".

Medium - A medium-risk vulnerability is defined as one that will allow an intruder immediate access to a system with less than privileged access. Such vulnerability will allow the intruder the opportunity to continue the attempt to gain privileged access. An example of medium-risk vulnerability is a server configuration error that allows an intruder to capture the password file.

http://www.us-cert.gov/cas/bulletins/SB04-252.html#diebold

These North Carolina Counties have the GEMS listed as having the back door:

Edgecombe - GEMS 1.17.17
Gaston -GEMS 1.17.17
Rowan - GEMS 1.17.17

By looking at a graph of the machines sorted by state, to see which version of GEMS went where? I think this needs to be done.

but I couldn't find the answer to this question myself. Maybe one of the voting organizations has some clues.

Summary of Voting Systems Usage by County/Precinct

VerifiedVoting: Election Equipment Summary by County
http://www.verifiedvoting.org/verifier

Overview of Voting Equipment Usage in United States (05/05/04) (County Data Pg.7) - Election Data Services:
http://www.electiondataservices.com/EDSInc_DREoverview.pdf

Map of Voting Equipment Used in Each County in the 2002 Election - David C. Kimball


Voting Methods/Vendors by Population in State (2004) - Pobeka's Complete Tabulation
http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=201&topic_id=5446

Electronic Voting Machine Locations (8/17/2004) - Electronic Frontier Foundation
http://www.eff.org/Activism/E-voting/location_list_v0.3.pdf

it still seems to be difficult to find out exactly how many of these late-model GEMS tabulators are out there....

--The breakdown of voting methods by county is certainly useful, esp the DU compilation.

MAP: One thing that caught my eye on the map:

"central scan" --lt blue
"precinct scan" --dk blue

What exactly does this mean? For ex I live in a county marked "central scan" (optical scanners at every precinct with central tabulators)

So what is "precinct scan"? How is the final tallying handled?

..."precinct scan" is when the scan is done at the precinct, and "central scan" is when ballots are sent from the precinct to, say, the county where a bunch of precinct's ballots are scanned.

so you are saying that in the case of "precinct scan" there is no central tabulator? Then how are state totals arrived at?

In my area, "central scan"--there is a scanner at each precinct and those totals are sent to the states central tabulator.

I'm trying to see how these two systems might work differently--any idea?

But I'm not 100% sure, either.

Any one who can help us, here?

All vendors will sell you the tabulators
--- for any polling location that has more than one voting machine pecinct level, or

--- sell you a tabulator say just one-- at the county or state level-----

Precicts level tabulation is better-- wether it be DREs or opscans, see my post soemplace upthread-

what I'm not getting is how you come up with state totals of all the precincts in "precinct tabulation" system--who does that and where and how. And does that bypass use of say...the GEMS tabulator at state level?

If your area has "central tabulation" as mine does, I am assuming there is BOTH 'precinct tabulation' and 'central tabulation' going on...since at the time of voting I insert my card into a scanner before leaving the precinct, and these totals are sent to the state tabulator.

Still trying to figure out how these two systems work, since they were presented as two different animals on the big map above.

It depends on when the county purchased their machine and
also the salesman as to what version of GEMS they have.

I emailed all of the NC Diebold County Election Directors and asked them what version they had.

I also have a list (not complete) from the State Board of Elections.

There are at least 3 different versions of GEMS in use in our state, and we have Diebold precinct optical scanners, and Diebold TS.

OK, am I understanding that the Diebold 'precinct optical scanners' are somehow different from a 'central tabulator'? And the GEMS software in various versions runs all of them?

So did you receive the requested info and was it relatively easy to get? Seems we'd have to do this in every state to get the big picture...do you think this kind of overview is not available to voting rights groups or has never been done?

Good work on doing this compilation, WillYourVoteBCounted.

transmitting results to one tabulator at the state level