w/ Brad & Desi
w/ Brad & Desi
w/ Brad & Desi
NATIONWIDE STUDY FINDS ALMOST NO VOTER FRAUD
Just 10 cases of in-person impersonation in all 50 states since 2000...
VIDEO: 'Rise of the Tea Bags'
Brad interviews American patriots...
'Democracy's Gold Standard'
Hand-marked, hand-counted ballots...
GOP Voter Registration Fraud Scandal 2012...
The Secret Koch Brothers Tapes...
|MORE BRAD BLOG 'SPECIAL COVERAGE' PAGES...|
By Brad Friedman from Plano, TX, with help from Emily Levy of VelvetRevolution.us and Tom Courbat of SAVE R VOTE...
In a dramatic late-night press conference, California Secretary of State Debra Bowen decertified, and then recertified with conditions, all but one voting system used in the state. Her decisions, following her unprecedented, independent "Top-to-Bottom Review" of all certified electronic voting systems, came just under the wire to meet state requirements for changes in voting system certification.
Bowen announced that she will be disallowing the use of Direct Recording Electronic (DRE, usually touch-screen) voting systems made by the Diebold and Sequoia companies on Election Day, but for one DRE machine per polling place which may be used for disabled voters. The paper trails from votes cast on DREs manufactured by those two companies must be 100% manually counted after Election Day. DREs made by Hart-Intercivic are used in only one California county and will be allowed for use pending security upgrades.
The InkaVote Plus system, distributed by ES&S and used only in Los Angeles County, has been decertified and not recertified for use after the company failed to submit the system source code in a timely manner to Bowen's office. LA County is larger than many states, and questions remain at this time as to what voting system they will use in the next election.
As The BRAD BLOG has been reporting in great detail for the past week since the reports were released, the "Top-to-Bottom Review" had found that all Electronic Voting Systems certified in California were easily accessible to hacking. A single machine, the testers discovered, could be easily tampered with by an Election Insider, Voting Machine Company Employee, or other individual in such a way that an entire election could be affected without detection.
In Bowen's conditional recertification she re-iterated that "expert reviewers demonstrated that the physical and technological security mechanisms" for the electronic voting systems "were inadequate to ensure accuracy and integrity of the elections results and of the systems that provide those results."
The Certification/Recertification documents for each of California's voting systems, including security mitigation procedures and other requirements for use, are now posted on the CA SoS website. The documents, in and of themselves, offer devastating indictments against the security and usability of each of the systems as revealed during Bowen's independent University of California "Top-to-Bottom Review."
Bowen, a Democrat, was elected last November largely on her promise to re-examine the state's voting systems. In an upset victory, she defeated Republican Bruce McPherson who had been appointed as Secretary of State by Gov. Arnold Schwarzenneger. McPherson had been very friendly to the voting machine vendors, allowing for the continued use of virtually every e-voting system submitted for state certification. Several of those systems had been previously revealed to have had grave vulnerabilities and included source code which was in violations of federal voting systems standards and in violation of state law.
The late-night press conference, following Bowen's decisions, was held at the SoS's office in Sacramento at 11:45pm PT, just in time to meet the state law requiring a six-month notification, prior to an election, for changes to certification of voting systems. California's Presidential Election Primary was recently moved up several months by the state legislature to February of '08.
The BRAD BLOG was able to listen in to the presser via a poor cell phone connection out of Bowen's office. As best as we were able to transcribe, these are our notes from Bowen's announcement and the questions from the media which followed...
Direct Recording Electronic (DRE/touch-screen) voting systems decertified and recertified for use by disabled only.
100% manual count for Diebold and Sequoia DREs.
One machine per polling place.
Diebold – Optical scan system: – decertified and recertified only if meets certain requirements.
Diebold TSx DREs – decertified and recertified subject to certain conditions. Only one machine in a polling place for use by disabled voters. Reduces risk of viral attacks that could infect central equipment.
Sequoia – Optec optical scan: – decertified and recertified – subject to conditions
Sequoia AVC Edge I and II (DREs) – decertified and recertified with a number of security requirements including only one machine in each voting location to allow independent access by disabled voters – concern regarding corruption of software and source code
Hart Intercivic – eSlate DRE: Used only by one county – decertifying and recertifying subject to security requirements. Has the least risk of the three systems.
ES&S InkaVote Plus - optical scan: (LA County only) – ES&S ignored my March demand to submit source code. ES&S eventually submitted source code too late for t2b review. Therefore, "I am decertifying the InkaVote Plus without recertification."
Voters are victims of federal certification process that has not done a job of assuring machines are accurate, accessible, secure.
I reject the notion that I should not require changes in systems solely because we already own them. She compares it to a recall of cars....When NASA finds a problem, they don't continue just because they've already spent the money. They scrub the mission and spend the money to get it right. We must do same with elections.
Blogged by Brad from deep in the heart of
Diebold Country Texas...
The Source Code Review sections of CA SoS Debra Bowen's independent "Top-to-Bottom Review" of voting machines were released yesterday after being scrubbed of some of the more dangerous, specific "road-maps" for hackers.
As expected, the reports are exceedingly troubling and damaging to the entire failed e-voting industry and Diebold, once again, is shown for the menace to democracy that its once-good name has now come to signify.
"The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes," read the University of California at Berkeley report, commissioned by the California Secretary of State as part of a two-month "top-to-bottom" review of electronic voting systems certified for use in California.
The assessment of Diebold's source code revealed an attacker needs only limited access to compromise an election.
"An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive --- malicious code could spread to every voting machine in polling places and to county election servers," it said.
"A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county's voting machines," the report said.
Voting machine "sleepovers," anyone? (Yes, we're talking to you Mikel Haas, Deborah Seiler, and Michael Vu in San Diego!)
And finally, there's this --- bolding added so it can be seen easier by members of CONGRESS...
Got that, Mr. Holt and Ms. Feinstein?
And with that, we eagerly await Bowen's fateful decisions, due today, on what to do with California's electronic voting systems. She may choose to do a) nothing, b) decertify, or c) recertify with new conditional security elements. Today is Judgement Day. Stay tuned...
Blogged by John Gideon, VotersUnite.Org
"The problems we found in the code were far more pervasive, and much more easily exploitable, than I had ever imagined they would be." Matt Blaze 02 August
Today the California Source Code Review Reports were released by Secretary of State Bowen's office. Reports were released on the Diebold, Sequoia, and Hart Intercivic voting systems.
The lead researcher for the Sequoia source code team was Matt Blaze. In his blog, Exhaustive Search, Blaze discusses the results of all of the inspections.
I was especially struck by the utter banality of most of the flaws. Exploitable vulnerabilities arose not so much from esoteric weaknesses that taxed our ingenuity, but rather from the garden-variety design and implementation blunders that plague any system not built with security as a central requirement. There was a pervasive lack of good security engineering across all three systems, and I'm at a loss to explain how any of them survived whatever process certified them as secure in the first place. Our hard work notwithstanding, unearthing exploitable deficiencies was surprisingly --- and disturbingly --- easy.
Blaze then concludes with what may be a hint of decisions to come:
This means that strengthening these systems will involve more than repairing a few programming errors. They need to be re-engineered from the ground up. No code review can ever hope to identify every bug, and so we can never be sure that the last one has been fixed. A high assurance of security requires robust designs where we don't need to find every bug, where the security doesn't depend on the quixotic goal of creating perfect software everywhere.
In the short term, election administrators will likely be looking for ways to salvage their equipment with beefed up physical security and procedural controls. That's a natural response, but I wish I could be more optimistic about their chances for success. Without radical changes to the software and architecture, it's not clear that a practical strategy that provides acceptable security even exists. There's just not a lot to work with.
I don't envy the officials who need to run elections next year.
Blogged quickly by Brad from somewhere deep in the heart of Texas...
Color us shocked. Elections Officials who oversee their own elections or those of their party leaders...and then go to work for the Voting Machine Companies they do business with/apologize for. Hey, at least they're now getting paid (publicly) for the lobbying work they were doing for those companies already.
New York Times notices the problem we have with the way our electoral system "works" and how so many of those who run it seem to work for everyone but the voters...
While federal ethics rules require lawmakers to wait a year after leaving office before they can take a job lobbying their former colleagues, no such rules exist for election officials, creating a revolving door between election administration and the voting machine industry. In recent years, top election officials in at least five states have moved from government posts directly into jobs as lobbyists for the voting machine industry...
And a note to NY Times' Ian Urbina: Good story. Though it would be a journalistic breath of fresh air if you avoided already discredited political operatives as quoted sources. E.g., folks like Robert Pastor of the hoax Baker/Carter National Election Reform Commission and the anti-democratic GOP wingnut SoS of Indiana, Todd Rokita. Consider it a friendly request with appreciation that you seem to be back on this beat...
Guest Blogged by John Washburn
Currently, the public portions of the top to bottom review published by California last week have rightly been the subject of banner headlines. A report from the University of Connecticut, however, which was entitled "Integrity Vulnerabilities in the Diebold TSx Voting Terminal" and released a few days prior with not quite as much fanfare, provides an excellent counter to the oft-repeated vendor talking point that the California testing is similar to "giving keys to a thief."
The University of Connecticut report is immune to this specious argument. The University of Connecticut team had no access to source code or any information which was not publicly available. These limitations are precisely what all three vendors defined as "realistic" in their testimony in California at the public hearing on Monday July, 30, 2007. Yet, under these vendor-approved conditions, the University of Connecticut found yet another set of new, serious, and election altering defects and was able to exploit them in a disturbingly effective manner.
Guest Blogged by John Gideon, VotersUnite.Org
In a recently released report, New York Attorney Andrea Novick, Esq., tells members of New York state government and now the world that the vendors of the voting machines that most of us use are NOT responsible citizens and why. This report was written for, and addressed to, Governor Spitzer, the State Board of Elections and the State Legislature.
In her report Novick explains that New York state has laws that should bar any of the vendors from doing business in the state.
New York State Law states the following about corporate integrity...
According to a story in the Miami Herald by Marc Caputo;
The study by the Florida State University Security and Assurance In Information Technology Laboratory (SAIT) has found that the issues discovered by Harri Hursti in the now famous Hursti I hack have not been addressed by Diebold. The SAIT Team also inspected the state's Diebold DREs and DRE Bootloader.
In a letter to David Byrd of Diebold, Secretary of State Kurt Browning gave Diebold until August 17 to correct the identified problems. Failure to do that will result in the system not being certified for use in the next election in the state.
Guest Blogged by John Gideon, VotersUnite.Org
To date the "Red Team" reports have been released; a preliminary report on audits has been released; and the accessibility report has been released. Our cup nearly runneth over.
But wait, there's more?
Yes, there are still 6 more reports that have not been released. There are three reports, one for each vendor, on the source code review. There are also three reports, one for each vendor, on the document review. All six of these reports are important to the total picture and all of them will be used in the final decision making process.
We encourage the Secretary of State to let the voters see those remaining reports. If the reports are 100 pages each, that's 600 pages of information that we need time to read and study.
Secretary Bowen, release the reports, please.
UPDATE 01 August: Today Princeton Prof. Ed Felten of Diebold Accuvote TS hack fame, asked on his blog, FreedomToTinker, "Where are the California E-Voting Reports". In his blog Prof. Felten says:
Here’s the official explanation, from the Secretary’s site:
The document review teams and source code review teams submitted their reports on schedule. Their reports will be posted as soon as the Secretary of State ensures the reports do not inadvertently disclose security-sensitive information.
This explanation is hard to credit. The study teams were already tasked to separate their reports into a public body and a private appendix, with sensitive exploit-oriented details put in the private appendix that would go only to the Secretary and the affected vendor. Surely the study teams are much better qualified to determine the security implications of releasing a particular detail than the lawyers in the Secretary’s office are.
More likely, the Secretary is worried about the political implications of releasing the reports. Given this, it seems likely that the withheld reports are even more damning than the ones released so far.
If the red team reports, which reported multiple vulnerabilities of the most serious kind, are the good news, how bad must the bad news be?
We ask again; Secretary Bowen, release the reports, please.
UPDATE 02 AugustAnother set of reports, source code review, has been released today. Thank you Secretary Bowen.
Blogged by Brad Friedman from somewhere in Texas...
If you've yet to find time to read the hundreds of pages from the landmark "Top-to-Bottom Review" of voting systems from California University, as commissioned by CA SoS Debra Bowen, we don't blame ya.
So after plowing through dozens of articles covering the reports, we'll make it easy for you, and recommend two short articles which will get you all quickly caught up with an overview of some of the most notable findings from all of the various reports as written in nearly human-being language.
As well, we're happy to sum up --- and destroy --- the pathetic, predictable, and lock-step Election Officials' and Vendors' response to Bowen's report in a few easy paragraphs....
Now that the California Secretary of State's "Top-To-Bottom Review" testing is complete and the reports have been submitted, nearly everyone is falling over themselves to read and talk about the many startling vulnerabilities easily found by the "Red Teams" who performed hack testing on the systems.
However, there is another report that has been overlooked, for the most part, by the media and the public. That is the "Accessibility Review" which examined whether the Direct Recording Electronic (DRE) voting systems meet federal requirements to allow voters with disabilities to cast their votes privately and independently as required by the Help America Vote Act (HAVA). Maybe it's because, as some have pointed out, accessibility issues are not as "sexy" as hacking into voting machines. Or maybe it's because this report is 155 pages long as compared to less than 20 pages for the "Red Team" reports. Either way, the failures found in the accessibility report may pack more dynamite and leave more questions unanswered than the security reports.
The "Executive Summary" of that report says it all:
Notice that the researchers say, "none met the accessibility requirements of current law." That's federal and state law. The machines have been sold for years --- and, in fact, the use of DRE machines as a whole has been jammed down America's polling places --- on the basis that they meet federal HAVA mandates for an accessible means of voting in every polling place. And yet, the California analysts found, they are not accessible at all...
Guest Blogged from Sacramento by Emily Levy of VelvetRevolution.us (with assistance from Michelle Gabriel, photos by Bill Lackemacher of Sacramento for Democracy) from the public hearing on 7/30/07, called by California Secretary of State to receive comments on her landmark "Top-to-Bottom review" of the state’s electronic voting systems. No internet access was available in the hearing room, so I wasn’t able to live blog as I’d hoped. I did, however, take copious notes, which are posted in full below this brief summary.
ED NOTE: The video of the hearing, which was not easily available as it streamed live today, is now posted here and here. But I recommend Emily's detailed description below for a great deal of value-added content and perspective! And it's faster! - BF
Note: Story very slightly updated with some corrections in the spelling of names, plus one substantive correction regarding Jim Soper's testimony (the very last one in the entire article).
SACRAMENTO - California Secretary of State Debra Bowen made opening remarks, followed by an overview of the Top-To-Bottom Review by the chief investigator, Matthew Bishop, University of California Davis (UCD) Professor of Computer Science.
Following that, each of the three vendors whose machines went through the Top-To-Bottom Review were given 30 minutes to respond to the report. Diebold went first and only took about five of the 30 minutes, followed by Hart Intercivic and Sequoia.
I’m absolutely thrilled to report that Sequoia knows just how to solve the problems found in the Top-To-Bottom Review: California should just by newer systems from them!
After lunch was the public comment period, the longest part of the hearing. I’ve paraphrased and sometimes quoted the comments of just about every person who testified (including my own testimony). There were maybe 25 or 30 county election officials present, many of whom spoke. Freddie Oakley of Yolo County, an election integrity hero, spoke in favor of the Top-To-Bottom Review and said we bought these systems to accommodate voters with special needs and disabilities and “we have let them down in the most appalling way” by certifying systems with such obvious defects and continuing to use them despite those defects.
I believe every other elections official spoke critically of the Top-To-Bottom Review, most criticizing Bowen for not including county elections officials in the review, not reviewing policies and procedures as part of the Top-To-Bottom Review, and conducting the review in a laboratory setting rather than a real election setting. (I, in contrast, think our elections in recent years have been nothing but one giant beta test!)
It will take some scrolling to find my notes on the remarks of the many election integrity advocates who spoke. Most spoke late in the day, probably because they signed up later, after the pre-hearing press conference they held outside the Secretary of State’s office building. But it’s worth the scrolling, because many important things were said. Many of the EI advocates encouraged Secretary Bowen to decertify not just the three election systems tested, but all electronic voting systems. Many advocated for hand-counted paper ballots. Testimony was frequently backed up with credentials, experience, statistics and technical information. The depth and breadth of expertise in the election integrity movement continues to amaze me. (Note: I’ve posted my own comments in full because I had them available. If others who spoke would like their testimony posted in full, I invite them to paste them into the “comments” section of this blog item.)
Several people with disabilities and advocates for people with disabilities spoke. Some, notably Jennifer Kidder, spoke about the importance of election integrity. Kidder said, “The purpose of any equal opportunity legislation is to get marginalized voices heard,” and went on to note that this purpose is defeated if, after voting privately and independently, the vote of a disabled voter is changed by an electronic voting system.
Most of the people with disabilities and their advocates, however, cautioned against going “back” to paper ballots, saying that would be a move in the wrong direction in terms of the accessibility of voting systems. In general, they were supportive of the types of mitigations recommended by the accessibility team of the Top-To-Bottom Review, despite the findings that none of the systems tested actually met the federal accessibility standards as required by law.
Secretary of State Debra Bowen’s office is accepting public comments by email until Wednesday, August 1 at VotingSystems@sos.ca.gov On Friday, August 3, Bowen will announce what actions she will take in light of the Top-To-Bottom Review. We can only hope that she remembers why she was elected, and will take bold action to protect California's elections.
Detailed notes on the hearing appear below. Where I have paraphrased a speaker, I have done so in the first person, sometimes making my own [occasionally snarky] comments inside square brackets. I hope this isn’t confusing...
Blogged by Brad Friedman from somewhere in Texas...
"Publicly observable post-election audits are the single most important safeguard we can have for the integrity of elections in this era of computer-assisted voting," according to Livermore National Labs computer scientist David Jefferson.
"They allow everyone, winners and losers alike, to be satisfied that the races are correctly called, but without the need to trust any computers or software," he added in a press release from the California Sec. of State's office released just moments ago (posted in full at the bottom of this item) on the study he led for the SoS Debra Bowen, which examined the effectiveness of --- and made recommendations to improve --- the state's 40-year old 1% manual audit law.
In addition to her stunning announcement on Friday that her team of independent analysts at Univeristy of California, attempting to hack the states electronic voting systems as part of her promised "Top-to-Bottom Review," were able "to bypass both physical and software security measures in every system tested," Bowen has also convened a "Post-Election Audit Standards Working Group" in order to "examine whether California’s post-election audit standards should be strengthened."
Their report has now been released online [PDF].
Among recommendations made by the group (emphasis in original):
"No matter what voting systems California counties use," Bowen said in the statement, "we have to make sure we’re doing meaningful audits of election results to provide voters with the confidence that every vote is counted as it was cast."
The complete press statement on the just-released finds of the "Post-Election Audit Standards Working Group" follows in full below...
CA SoS Debra Bowen's public hearing concerning her "Top-to-Bottom Review" of electronic voting systems carried out by the University of California, takes place at 10am today (Monday) in Sacramento. Her office has just let us know that the hearing will be webcast live here.
According to a statement from Bowen's office this morning, the hearing will be at "the Secretary of State’s Sacramento building auditorium at 1500 11th Street."
"Secretary Bowen’s decisions on system certifications will come on or before August 3, after her thorough review of the UC team reports and input from voters, voting system vendors and local elections officials," the state says. "Today, the independent UC review teams, led by nationally respected computer science experts David Wagner and Matthew Bishop, will provide an overview of their reports. Voting system vendors will have an opportunity to respond, then public comment will be welcome."
The landmark, independent reports from UC are available online right here.
UPDATE 1:00pm PT: The live webstream out of the hearing is almost completely unwatchable, as they must not have enough bandwidth to accommodate those trying to watch. As well, though Emily is at the hearings, there is no Internet access available in the room. So despite all best-laid plans, we'll have to wait for the her report to be posted here later tonight, and for a video archive of the hearing itself to hopefully be made available later.
UPDATE 11:27pm PT: Emily Levy's tremendous, detailed coverage of the hearing is now finally posted here...
Guest Blogged by Bob Bancroft of VotersUnite
Rep. Rush Holt's HR 811 Election Reform bill has become an enigma. After years of healthy dialogue with the election integrity community, Congressman Holt’s office now seems unresponsive. Just last week, rumors began to circulate that the Holt bill was adrift, its future uncertain. We later learned that the bill had entered into a series of secret negotiations, involving Majority Leader Hoyer, Speaker Pelosi, and other undisclosed parties.
Despite repeated attempts to contact anyone from the offices of Holt, Hoyer or Pelosi for a simple update, the week went by without a single call returned.
Now, we receive our first glimpse of the newly compromised Holt. We learn of the bill not from its author, nor Leader Hoyer, nor any elected, public official. Instead, it would seem that communications surrounding the bill flow through People For the American Way (PFAW), in the form of a late-Friday press release.
On Saturday, the New York Times confirmed that it was PFAW's President, Ralph Neas, in fact, who brokered the deal.
At a time when public confidence in our elected officials, and indeed the very process by which they are elected, is badly shaken, this is not helpful. VotersUnite will form an opinion of Hoyer-Holt only after careful reading of the text, which remains unavailable at the time of this writing. However, we are troubled that our Representatives would choose to conduct themselves in this circuitous manner, especially while considering something as fundamental as our right to vote.
Following is the full text of the original press release on the new, compromise version of HR-811, as issued by PFAW on Friday...
A Few Great Blogs
· Baghdad Burning
· Brilliant at Breakfast
· Crooks and Liars
· Dan Froomkin
· Fired Up! Missouri
· Freedom's Phoenix
· Freeway Blogger
· Glenn Greenwald
· Huffington Post
· Jesus' General
· Juan Cole
· Washington Monthly
· Media Matters
· Nashua Advocate
· Oliver Willis
· RAW STORY
· Sanoma State's
Project Censored Sites:
· Daily Censored
· Media Freedom
· Project Censored
· Scholars & Rogues
· Skippy the Bush Kangaroo
· Talking Points Memo
· Think Progress
· Tom Tomorrow
· TV Newser
· Ben Sargent
· Bill Deore
· Bob Gorrell
· Cagle's Index
· Chan Lowe
· Don Wright
· Doug Marlette
· Glenn McCoy
· Jeff Danziger
· Joel Pett
· Mike Luckovich
· Non Sequitur
· Not Banned Yet
· Pat Oliphant
· Paul Conrad
· Ted Rall
· This Modern World
· Thomas Burns
· Tom Toles
· Tony Auth
· Stuart Carlson
Or by Snail Mail
Make check out to...
7095 Hollywood Blvd., #594
Los Angeles, CA 90028