More Voting Machine Test Lab Transcripts, (Minutes 120-150)

Sorry for the delay, it takes a lot of time to transcribe this stuff. :)

Black Box Voting : Latest Consumer Reports from Black Box Voting: 4-4-06: More Voting Machine Test Lab Transcripts
------------------------------------------------------------

Posted by Bev Harris on Tuesday, April 04, 2006 - 04:46 pm:

(Minutes 120-150) - California Senate Elections Committee Hearing from
Mar. 29, 2006. To help you process the information, a commented
version of the transcript will be available, probably tomorrow. That
will give you a guided tour, whether you are a techie or a non-techie.
In the mean time, continuing with the transcripts...

Preview: So Diebold is running around the country making visits to its
voting machines.

Election officials: Take a look at the following statements, near the
end of this transcript:

Wyle Labs: "First the customer needs to ensure
that the vendor isn't changing software and not admitting it...Beyond
that if the customer finds out that the software has been changed,
then it's really got to be up to the customer to require the
regression testing..."

(Excuse me - reality check, boys. Right now many election officials
have elections coming up within the next eight weeks. You really
expect them to monitor their software for changes -- note that they
are given no tools to do so -- and then make sure there is regression
testing at an ITA lab, before using their machines? In the mean time,
what about their election?)

Systest Labs: "Another interesting point is that patches generally
can't get into the software without the customer knowing about it,
unless they've giving the vendor free rein. I would never encourage
that.

So, Systest, what does an elections official in Utah, Ohio,
Mississippi or Georgia do if the vendor shows up unannounced for a
"service call" on the voting machines?

While elections officials are expected to do six impossible things
before breakfast, the ITAs breezily point fingers at them. They also
finger-point NASED and the vendors, but at no time do the ITAs seem to
realize what is obvious to most of us who read the whole transcript:

While they are so busy trying to collect a few bucks for pushing a
square peg through a round hole, they never step back and say, "Hey,
does
this concept even work?"

Senate Elections Chair Debra Bowen gamely tries to evaluate just that
question. If you have the stomach for it, you be the judge: Does the
ITA concept protect your vote?

* * * * *

TRANSCRIPT: Minutes 120-150 (of 200)

Systest (Brian Phillips): You know you raised a point, I think it's a
valid one, if every state had their own IV&V for this, and I think
that's part of where the academics are going, the issue there is, "who
pays for that?" In the end, the taxpayers pay for it, because it's
going to increase cost of the voting systems because the IV&V doesn't
come free of course, you know. Neither do the systems themselves.

Senator Debra Bowen: Although I have to say my experience again, and I
am the person in California who first pushed for IV&V vendors on big
IT systems, I think in '95 or '96. I'm the propeller-head who said
we're not going to continue to have big IT systems in California where
we have a major failure rate, we're going to require as a condition of
the procurement that we have an IV&V vendor and it has saved the state
of California's taxpayers phenomenal amounts of money.

I can think of no instance in which it hasn't paid off directly and
certainly even if there were some instances where a review was done
that said that everything is great and it's perfect and we hereby
resign as IV&V vendors because we just can't add any value -- if there
were two that were like that, and I don't think there are -- overall
the equation is so heavily biased for having that extra set of review,
in part because we're all human beings and we get too close to what
we're doing and we don't see…

Systest (Brian Phillips): But let's take that example, most likely it
would be the secretary of state's office that would have the IV&V
vendor. The IV&V vendor's client is the secretary of state's office,
if you were to call my office up and say "I need your IV&V reports, I
would not be able to send them to you. You would have to get them from
the secretary of state. They may – not knowing California's rules
within the organizations they may or may not feel obligated to send it
to you.

I know in Colorado it's that way, the Department of Labor Employment
may not be obligated to send our reports to the Department of Revenue.
So you still have those issues

Senator Debra Bowen: In fairness, we did get the equivalent of the
IV&V report from the Voting Systems VSTAB, but we got it three days
after the Diebold system was recertified, so we got it but at that
point it was a nice academic exercise to look at what was in it,
because the decision was already made, and nobody knew that it was
being done until after it was issued. So that's our problem to deal
with from a transparency standpoint.

I have NOT had this experience with IV&V vendors with other IT
systems. When we did an IV&V process for the Department of Corrections
system and from various other large systems our legislative analyst's
office has always had the to review the IV&V's work as well as the
main contractor's work. So this issue -- nobody has ever said that I
can remember "Well the state automated welfare system is proprietary
so we're not going to let anybody look at what we're doing. This is
unique to this vending, voting machines.

Wyle (Joe Hazeltine): Is it not unique to California?

Systest (Brian Phillips): I would say it's more unique to California
because in Colorado the Department of Revenue would not have access to
any of the things that come out of Labor and Employment, we're doing
the IV&V on Revenue as well. Labor and Employment, and Transportation,
they don't have access to it. There is an information management
counsel and they get summaries of the status reports from the IV&V
that's about it so, whether that's the right way to do it or not, I
personally think that if I'm doing IV&V for the state our ultimate
customer are the citizens of Colorado or California or wherever. But
those are the legislative rules they've set up. It might be unique
here then. Or not unique, but at least, I've seen it differently in
other states.

Senator Debra Bowen: Well it is, and we have different, there are now
different rules about the deposit of proprietary code and, you know
who has access to the review of the code.

But I think this little interchange probably gives you a better idea
of what the kind of concerns are that I get and when I read someplace
else that, gee there's a hard-wired crypto key in the source code and
it's the same for every machine, I wonder what we're doing that
results in that information being discovered in a process that's good
enough to identify that as a security issue but stopped at a place
where it can't be, where there's no action required to fix it, to
change it.

Fix it's the wrong word, it's a choice. It's a choice. But it could be
– it's one of those things where, I don't understand the workaround
that says well let's just reprogram every machine where we put it out,
when you don't have to create that problem in the first place. You
don't have to do that. You don't have to write it that way.

Systest (Brian Phillips):But I will tell you that there is a process
where things like that, at least, I've seen in other states, we have
been contacted by other states, there was a situation very similar to
the one you said where they found there was hard-coded passwords,
through their own state certification and they contacted us, said "Why
didn't you find it," we said, "we did, we wrote it up, it's
informational, it's in the qualification report." Said "Oh, we have a
copy of that," they went to that, said "Sure enough, here it is." All
right, fine, we're going to make -- but they understood why it was
still given qualification, because it wasn't a requirement they could
preclude it. But at least the process was there for them to find it
and they decided – I don't know what their decision was, but they
decided to deal with it one way or the other. So that does kind of
work, it's just, it's not a perfect system yet.

Senator Debra Bowen: We're aiming for perfection, but we understand.

Systest (Brian Phillips): May I, if I can, there's a couple things I
wanted to just finish up in my presentation I think were important. We
discussed the testing processes and our approaches are very similar
but only software related. But I do want to, our relationship with the
vendors, this is taken straight off our quality systems manual. We are
independent from all the vendors, all the voting system manufacturers.
Our employees and our subcontractors and their employees, should we
use subcontractors, cannot have any direct beneficial interest in a
voting system product. And that is a very very important policy within
our organization. In addition we have an independent relationship with
our subcontractors so that we're able to render our reports
objectively without any bias.

And finally our relationship with the vendor. We try to set up our
contractual relationship with the vendor so that there can be no
financial pressure used on us in any way. Our efforts are tied to
materials, price. So if Vendor A comes to us and they've got a really
good product, they've done everything really well, it could cost them
$100,000 whatever, But if vendor B comes in and they've got a very
very bad product and it needs to be reworked quite a bit, and that
could go on for quite a while, we're not under any financial pressures
to kind of get their product out the door. Matter of fact, it's the
opposite, if we weren't honest business people, it would be the
opposite, to try to find more problems.

So there isn't anything, I've heard oftentimes from the academics, Dr.
Shamos and Dr. Rubin both have said "Oh, it's in the ITA's best
interest just to pass these vendors and get them out the door." That
actually is the exact opposite if you look at it from a business
perspective, we're more honorable than that, but you can look at it
that way.

Senator Debra Bowen: But I would ask just one question about that, we
all know what it was like in college to try to find the professor who
had the class that you could pass basically without going to class
much, and some students, not all I never did this and I'm sure that
none of you did either, but I knew some students who would do a lot of
homework to find out which classes they could get a passing grade on
without really doing much work, and those professors were in demand by
a certain group of students.

If there's only one place to test, you don't get to choose which place
you try to go certify, but if there's more than one, wouldn't it be
human nature to try to, if you're concerned about certain things, or
you are in a hurry, or whatever else it is, to go look for the path of
least resistance in the testing?

Systest (Brian Phillips): I would assume so.

Wyle (Jim Neu): There might be that, but all of us as ITAs, our life
blood depends on the perception that in fact we are independent and
accurate in our reporting. Voting systems account for less than one
percent of my business and less than one-tenth of one percent of Wyle
Laboratory's business. So for me to put our reputation at risk with
the Nuclear Regulatory Commission, with which we do a huge amount of
business, or any other major organization in the U.S., for the amount
of money that we make testing voting machines it would be very
foolish.

Senator Debra Bowen: I think that's a point well taken. But I am
concerned about the kind of thing that we see in this e-mail, and this
goes back to a question I asked earlier, that's, you know, you've got
hardware and firmware and then you've got software that's not
firmware. And you've drawn a line so that you basically can put a
vendor in a situation to say "Well we don't want to send the Win CE
system to Wyle" -- maybe they don't want to because they know you're
going to look at it and you may or may not like what you see, at any
rate you're going cost them more on a time and materials basis if you
actually look at the Win CE 3.0 operating system. And so, you know,
you've got now an incentive to try to say over here, "Well that's,
this is it's commercial off the shelf, or "That's firmware," or "It's
software so you don't have to look at it," that's going to be over
here – how do we get, who is responsible for looking at it over all –
How's this supposed to work when we have--

Systest (Brian Phillips): I mean there are points in time that we have
to--

Senator Debra Bowen: You have less of this obviously, because you're
end to end

Systest (Brian Phillips): We work quite often as a hardware ITA or as
a software ITA as well. So we don't do all of our engagements as a
full. But we have to look at, as the vendor is at least going to be
honest with us as much as possible until we find otherwise. So if a
vendor comes to us and says, "I've got these five components of
software that need to be tested, one of them is COTS, my operating
system is COTS so that makes two out of the five."

We'd have to -- there's really no way for us to go in and check behind
them unless we have access to the source code from Microsoft, or
Crystal Reports would be a good example, or something like that, so we
have to there's got to be some level of trust put in there. However if
we're told that it isn't COTS, then we will run it through all the
tests that we're supposed to run it through. So I don't have an answer
to how do we do it. Even if it was a government regulated industry, I
mean a government organization you still have those kind of issues so
I don’t have an answer to that.

Senator Debra Bowen: I think for Wyle in particular –

Systest (Brian Phillips): -- But oh I do, I'm sorry, what I wanted to
say though is that – gentlemen, correct me if I'm wrong on this, but I
think that any software that's part of the polling place device, does
fall – at least, we have taken it that way – it does fall under the
hardware ITA –

Wyle (Jim Neu): Yes.

Systest (Brian Phillips): So if it is software running on a hard drive
on a touch-screen device, or it's on the EEPROM within that
particular device, and so forth, Wyle would look at it (if it wasn't
COTS, of course) –

Wyle (Jim Neu): Right.

Systest (Brian Phillips): I'm not trying to speak for you. I mean
that's the way we approach it. Anything that's associated with a
polling place device falls under the purview of a hardware ITA.

Senator Debra Bowen: So this Win CE 3.0 should have--

Systest (Brian Phillips): That is the operating system for the--

Senator Debra Bowen: Which Diebold didn't want you to look at because
you don't certify operating--

Wyle (Joe Hazeltine): --Now, I read this e-mail very much different
than that.

Senator Debra Bowen: Okay, tell me how you read it.

that sounds strange. Basic is a programming language, not an operating
system. Time marker: 133:23 minutes]

Wyle (Joe Hazeltine): "We do not want Wyle certifying operating
systems – we do not want to certify operating systems with Wyle," and
that's correct. Operating Systems generally are something which is
COTS, you know, Basic or Windows XP, I mean operating systems that are
out there have been fully developed, as you said earlier have been
tested by used by thousands of people, so that's what that's saying,
so they don't need to get the Win CE 3.0 as a software program--

Senator Debra Bowen: But that's not--

Wyle (Joe Hazeltine): But that sentence says "We do need to get Ballot
Station 4.3.2 certified by Wyle," which is a specific application of
that software in the Windows CE environment. That's what I'm reading
here, I'm not reading about somebody saying, "We don't need to have
this done, we've modified it."

Wyle (Jim Neu): To truly comment on it we'd have to go back and look.
I don’t know what's embedded in Ballot Station 4.3.2, in fact it may
be that there are some elements that interface with Windows CE 3.0. If
the Windows CE 3.0 was unmodified and was COTS and the Ballot Station
3.0 simply interfaced with that, then in fact this person may be
completely accurate.

Senator Debra Bowen: I'm told that there is no such thing as Windows,
Win CE 3.0 that will run in a shrink-wrapped, COTS version.

That it all – that Microsoft, again, did something unique with that
particular software package, not like what they do with XP. They
released it to developers because there was big competition for who
was getting into the PDA market. And not releasing your operating
system meant, at that point, that Palm was going to have the
developers there. And so they released Win CE 3.0 and it was never
intended to be COTS it was a developer tool.

But I think the bigger concern is that, you know, here you've got a
vendor basically writing in internal e-mail "We don't want Wyle to
look at this." And you don’t even know enough in your -- or maybe you
do, maybe you've got somebody, you know, I understand you don't know
every single thing that happens in your shop, I certainly don't know
everything that happens in mine, sometimes I'm taken by surprise by
things I said that I didn't even know I said. note"]. But it is of concern to me if somebody's deliberately trying
to keep me from doing something that I should be doing.

Wyle (Joe Hazeltine): I don't read this e-mail in that context at all—

Wyle (Jim Neu): If that were the case, that would be of concern to us
as well. And unfortunately I don't have the specifics about, you know,
there are many many examples of e-mails taken out of context--

Senator Debra Bowen: I'll grant you that.

Wyle (Jim Neu): Which, we've all gotten trapped in that. Writing some
e-mail that addressed a particular thing in a context that the
recipients understood and the outside world who found the e-mail did
not. And I have no idea what the precise circumstances were, here, for
that. We can go back and take a look at that.

Senator Debra Bowen: I mean the circumstances here are, I think, are a
discussion of what it would take for then the Global – now Diebold –
system to be approved by Wyle. You've got one person saying "Win CE
3.0 to be approved by Wyle" as part of the list of work, that's on the
top of the e-mail on number 1, that's on the to-do list of one of the
people who's communicating here is that this operating system needs to
be approved and the other person comes along later and says "no we
don't want Wyle and certifying operating systems," and there's nothing
that says it's commercial off the shelf so it doesn't whatever, and of
course maybe they didn't say that.

But you've got people disagreeing internally about whether or not it's
appropriate to have Wyle looking at the operating system. So that's
the context. But I'm sure you'll go back and have a look.

Wyle (Jim Neu): Yes.

Senator Debra Bowen: Let's turn to just a couple – and you still --
Mr. Phillips I'm really sorry. You just raised some, what happens is I
get very interested in something you say.

Systest (Brian Phillips): Well no, that's perfectly fine, I
understand, that's -- I think I'll just summarize. I can't seem to get
this slide to come up on my, for some reason it's not showing, it's
hidden. But anyway, it's software and as a software testing company I
still get up every morning and thank goodness for Microsoft because it
gives work to do.



Systest (Brian Phillips): I kind of want to summarize that we believe
we have a very thorough testing process. It is based on what we
believe to be the industry's best practices and years of continuous
improvement starting back in the early 80s as my days as in IV&V and
trying to add all that into what we do. Our processes are transparent
and open to all industry parties.

I made an open invitation, I don't know how many times I've done it,
but I made an open invitation on record in the November summit to
everybody who was there who wanted to come out to our lab. We will
show you how we do it. We're very proud of the work that we do. We
think we're very, very thorough when it comes to our testing services.
No one taken us up on it. But you'll hear--

Senator Debra Bowen: Part of the problem is the November summit wasn't
open, I was not allowed to be there. Many of the people who are very
interested in this issue wanted to go, were told that they could not
go.

Systest (Brian Phillips): To be honest that was one of the reasons
why, when the first request came about we kind of didn't think too
much about it, we figured well, we've just been to California, and we
just went through this information, you know, I'm assuming they can
get all of that, and then it was explained by Darren that that wasn't
the case.

But it is, we are open, we will gladly show you, walk you through
everything we do, we've had members of the EAC, NIST, NASED, out,
obviously they, the auditors have come out many times, and we're being
audited starting in two weeks by NAVLAB for the preliminary process to
become a VSTL.

Senator Debra Bowen: Tell us what both of those mean.

Systest (Brian Phillips): Oh, ah NAVLAB <(whisper: what does NAVLAB[br />stand for?)]

Wyle (Jim Neu): National Voluntary Lab Accreditation, it's run by
NIST.

Systest (Brian Phillips): And NIST is the National Institute of
Standards and Technologies, and VSTL is the new acronym for ITAs,
Voting System Test Labs. But they still refer to it as ITAs in a lot
of the documentation we get.

So, but I want to emphasize that, we're, nothing we do, the only thing
that we will protect, of course, is our clients proprietary
information, their trade secrets and things that we have to protect,
our nondisclosure agreements and contractual confidentiality
agreements. But to see how we do it, how we develop our tests, what
we're testing to, to the thoroughness that we're testing, how we
document those things, how we regression test, the iterative process,
over and over again until they get it right, is wide open for
everybody to come and see. So I'll reiterate my open invitation if
you'd like to come to Colorado. It's a great ski season.

Senator Debra Bowen: I've always wanted to come to Colorado I've had
precious little skiing this year.

Systest (Brian Phillips): We have been audited many times by the NASED
auditors and will continue to do so. And, as I've mentioned before, I
just want to make sure that, because there's always been question that
we're not independent, but we believe that the way we structure our
contractual arrangements with the organizations that we do testing for
allows us to maintain nothing but independence and impartiality. And I
think it's really important that we emphasize that.

Senator Debra Bowen: Let's talk a little bit about what's coming in
the future, as the Election Assistance Commission, the EAC, eventually
assumes the role that NASED, the National Association of State – see I
don't even know them all –

Systest (Brian Phillips): State Election Directors

Senator Debra Bowen: State Election Directors has. Under the Help
America Vote Act we're going to have a shift from NASED to EAC. How
will the process differ, and you referenced it with some of your
alphabet soup in the last comment, what do you think will be
different, or is it just the names, the .

Systest (Brian Phillips): Some of it will be just name changes but
there will be some new -- for instance, the organization responsible
for accrediting the labs, and I believe Wyle's already NAVLAB
approved, correct –

Wyle (Joe Hazeltine): HOLA

Systest (Brian Phillips): HOLA, good, then that's also accepted too.
But NAVLAB, which I've just described, will be actually responsible
for accrediting the labs, they'll do the audits, they'll review the
results, interview the people, the whole process, and it's a lengthy
process, it's not something that happens in a couple of days, it
happens-- from start to end it can take the better part of a year to
get through the entire audit process, we expect it to do that, just
because it's iterative itself. We're applying just as a vendor would
be applying for qualification, it's an iterative process. The EAC is
also going to be part of that because NAVLAB will accredit the labs as
sort of a basic accreditation and then you have to demonstrate to the
EAC knowledge of voting systems, the standards, requirements etc. that
are specific to voting systems qualification, so there's sort of two
accreditations there, one to be a NAVLAB approved lab, and then the
other to be specific to voting systems testing.

In addition I've think maybe, perhaps you've all seen this, but I've
seen NIST becoming more involved, the National Institute of Standards
and Technologies. They're wanting to use the national software
repository to control and all of the software that's being used in
each of the counties, by version and by hash code, and various other
ways to uniquely identify software. So Riverside County California has
vendor A version 3.1, they could confirm that that software's exactly
the same software, they can still do that today, they can go back to
the ITA to get that information as well, because we have this as well,
but NIST is getting involved.

I would like to think that we're going to see a more rapid movement on
requirements improvements, process improvements or anything such as
that, but I don't necessarily see that yet. I'd like to think that the
EAC is just getting themselves up and going a little bit and once they
really get going, but I've been saying that for the last couple of
years and I've had this discussion with Donetta Davidson and others
that you really move this along because to go two or three months
between meetings and nothing seems to move between those meetings is
not helping anybody within the industry, whether it's the states, the
vendors, the ITAs.

Senator Debra Bowen: One of the issues that I continue to be concerned
about in this process is how we deal with, literally after the NASED
number or the NIST qualification is issued, what happens if a patch, a
bug is discovered, there's a patch, something is changed, how do you
not make it a disincentive to the vendor to change something because
of not wanting to go back to square one and go through what Wyle
described as, basically we go back and redo everything. Is there a way
to try to deal with that problem in the new process that's different,
or are we just kind of stuck and that's the way it has to be?

Systest (Brian Phillips): Well if a patch, let's say a software patch
is required, generally it's been required because somebody has found
something out in the field that's either a defect, discrepancy or it's
associated with some new features they want to put into it. That
information has to somehow get back up the chain to those in charge.
Those that control the qualification numbers, and the state
certification, etc. You know, there's probably penalties that you
could impose, there are, the only thing really now is being
decertified by a state or being decertified by NASED if such a thing
occurs.

Senator Debra Bowen: I'm actually looking at much more benign kinds of
things.

Systest (Brian Phillips): Well I'm just saying,

Senator Debra Bowen: Let's say you find that you've got – Let's take
the world's largest proprietary software operating system
manufacturer. I get patches all the time, I don't go back and
reevaluate my whole operating system. I download the patch and I slap
it on there, and I figure that I've got one less problem to deal with
although sometimes I find out afterwards that I've created a problem
in addition to solving one.

Wyle (Jim Neu): You don't go back and do the regression testing
because you're assuming that in fact that manufacturer did do the
regression testing.

Wyle (Joe Hazeltine): Before he released the patch.

Wyle (Joe Hazeltine): And the other thing, there's no disincentive on
the part of the vendor to fix a problem that someone's identified.

Senator Debra Bowen: Well I think that what we saw, at least with one
voting machine vendor here is that they did change software after it
was certified by the state and didn't tell California and that's part
of the reason that they were later decertified is that they were
running software that wasn't exactly the same as what was certified.

Without regard to whether that was deliberate or not, I think if
you've got to go back through and retest, and time is short and you're
coming up on election day, you've got 20,000 machines in Los Angeles
County alone, you're looking at your watch and you're thinking, "If I
go back to Wyle it's going to be four weeks before I can -- or three
weeks or whatever it is, and the election's in 72 days, so what am I
going to do, let me just fix this. You know, "I'm not doing anything
substantive, so I'm just going to fix it."

Systest (Brian Phillips): I know of a situation state of Washington,
where that happened, exactly as you've described, an election coming
up, it's two to three weeks, and they need a new patch. But that patch
would have to go back through the ITA for qualification.

Senator Debra Bowen: Okay.

Systest (Brian Phillips): I do know the vendor was told distinctly by
the state, "Put it in." – by the county, who was requiring it. "Put it
in." We need it. There's no way you're going to get it done in time.
"So put it in." And I know the vendor asked for a written release,
which they didn't get from the county, because the county wasn't
supposed to do that, the county was required to get it qualified but
they knew there was no way the time was going to allow them to do
that. What's the answer? I don't know.

The vendor couldn't say "No, we're not going to do that" and then
they're going to be deemed as nonresponsive. Or they say "Yes, we'll
do it, go through the ITAs" and we're going to say you know what, this
is going to take three weeks instead of two, and then we're looked at
as the bottleneck. And there isn't an easy answer to that.

Wyle (Jim Neu): It's really up to the customer, configuration control
is always an issue. If something is identified. First the customer
needs to ensure that the vendor isn't changing software and not
admitting it. If the vendor changes software and still represents it
as still being 4.3.7 or whatever that they originally had put out then
they're dishonest. Beyond that if the customer finds out that the
software has been changed, then it's really got to be up to the
customer to require the regression testing. Oftentimes that regression
testing would not be that difficult or lengthy, it depends on the size
and nature of the patch.

Systest (Brian Phillips): Another interesting point is that patches
generally can't get into the software without the customer knowing
about it, unless they've giving the vendor free rein. I would never
encourage that.

# # # # #

PERMISSION TO REPRINT GRANTED. THESE TRANSCRIPTS WILL PROBABLY BECOME
A PUBLIC RECORD SOME DAY, BUT BECAUSE BLACK BOX VOTING INVESTED MANY
HOURS IN MAKING THIS TRANSCRIPT AVAILABLE, IF YOU REPRINT FROM THIS
EARLY VERSION, PLEASE ATTRIBUTE PROPERLY WITH A LINK TO
http://www.blackboxvoting.org. THANKS!

I can't find anything past midnight Monday.

:shrug:

http://www.bbvforums.org/forums/messages/1954/23132.html?1144265704

On Edit: Fixed link!

had been started, but I couldn't find it.