Blogged by Brad Friedman from Houston...

Following up on yesterday's report on the latest machinations surrounding the release of CA Secretary of State Debra Bowen's unprecedented "Top-to-Bottom Review" --- including independent hack testing and source code analysis --- of electronic voting systems. The BRAD BLOG has received a few more details on official release dates and timing, including a public hearing in Sacramento next Monday, from the SOS's office [emphasis ours]:

We're in Texas, but hoping those within driving, walking, running distance from Sacramento will show up to the Capitol to give their thoughts on the findings on Monday, as we expect the voting machine vendors to be there in droves, and they may need a reminder that they do not own these elections. The citizens do.

We're also still waiting to hear back from Steve Weir, the Registrar-Clerk of Contra Costa County and President of the California Assoc. of Clerks and Election Officers (CACEO), for details on his published comments indicating that CA registrars may choose to ignore Bowen's findings. The CACEO has blasted Bowen's review of voting systems previously.

Not sure what Weir's legal theory is for such an action, which seems to fly in the face of both the law and the will of the people --- Bowen was elected precisely on her promises to take the actions she's currently taking after both her predecessor in CA and federal agencies had failed completely to properly test these voting systems before certifying them --- but we'll let you know what we learn. We've invited Weir to appear on the Peter B. Collins Show, which we continue to Guest Host through the end of this week. We'd love to hear from him, of course. Stay tuned...

UPDATE 7/27/07 2:40pm PT: Still waiting for the release of the reports, which I'm told by the SOS will be "any moment". When it's released, it should be right here.

Blogged by Brad Friedman from Houston...

The results of California Secretary of State Debra Bowen's landmark "top-to-bottom" review of electronic voting systems in California are due on August 3rd. (UPDATE: The SoS's Office informs us the report will be released this Friday. Details now posted here.) It'll be the first such official analysis, performed by several teams of testers, in which these voting systems have actually been tested for vulnerabilities and failures by "red team" hack/penetration testers, as well as having the system source codes fully and independently tested.

An article by Steve Harmon published in several CA newspaper this week offers a preview of the battle which may be ahead, including one exceedingly disturbing suggestion that California Election Clerks may be preparing to "ignore Bowen's findings and continue to use their systems" no matter what she may find, and whether or not she decertifies the systems for use.

Yours truly is quoted early in the piece, suggesting that "voting machine companies are quaking in their boots," as Bowen is doing precisely what she was elected to do and is fulfilling her campaign promises through the unprecedented series of tests.

John Gordon of Public Radio's Future Tense program followed up that printed report with his own four-minute audio report in which I'm also interviewed:

Of note in both reports, the voting machine company spokesholes are on the defensive, as expected. But the real battle after Bowen releases her findings may lie with the California Association of Clerks and Election Officers (CACEO), currently led by President Steve Weir, who makes some startling statements in the report...

Guest Blogged by John Gideon

It has just been announced by San Diego County that they have hired Deborah Seiler as their new permanent Registrar of Voters. Ms. Seiler joins the county elections office from her job as the Assistant Registrar in Solano County, California.

"Seiler brings unique elections experience from the state, local and private sector that adds valuable perspective at a crucial time," according to a press release (posted in full at the bottom of this article) as issued today by San Diego County.

All of which sounds great, until one does a moment or two of Googling --- particularly on that "private sector" point mentioned --- and Seiler's troubling past is quickly revealed to be yet more bad news for the voters of San Diego, who continue to get the worst of what American democracy is supposed to look like.

Look what we found out about Seiler...

Doing twelve things at once today, so no time for analysis at this point. I'll just run CA Sec. of State Debra Bowen's just released statement on her promised, unprecedented, first-of-its-kind in the nation, "top to bottom review" of all of California's electronic voting systems.

The review will include "red team" hack testing for the first time ever. Done as standard operating procedure for similar security-sensitive, mission-critical commercial systems, this sort of penetration testing has never been performed on America's voting systems. Until now.

The one page summary [PDF] of the plan states:

• [University of California] will provide specialists from its campuses, as well as experts from public and private universities and private sector companies throughout the United States to create three teams of experts to conduct the reviews.
• Each system will undergo a thorough document and source code review, red team penetration testing, and a review to determine whether it’s accessible to all voters.
• The review teams will provide an independent technical evaluation of the voting systems that the Secretary of State will use to carry out her statutory duty with respect to voting systems in determining whether the systems comply with current state and federal law.

There are links within her statement below where you can find more details. For example, the State's review teams will include folks such as computer security expert "hacking" Harri Hursti, and blind technology expert Noel Runyan, who has been highly critical of unverifiable touch-screen DRE voting systems.

More on all of this, perhaps, later after I've had time to review the materials myself. But for now, see the statement below for some killer quotes from Bowen...

Harri Hursti drove up to Los Angeles last Friday after his appearance that morning before the Riverside County, California, "Blue Ribbon" panel convened to investigate massive problems during the County's 2006 election, and continuing concerns from Election Integrity advocates about both the performance and security issues surrounding the Sequoia Edge II DRE touch-screen voting systems in use down there.

We sat down to interview Hursti for a documentary film for an hour or two on Friday night, and we continued chatting into the wee hours. After getting home around 4am, we suspect we'll be playing catching up for a few days.

The headline from those discussions last night is probably that Hursti, now famous for his hack of a paper-based Diebold optical-scan voting system in Leon County, Florida, in late 2005 (as seen live in HBO's documentary Hacking Democracy), advocates digital optically-scanned paper ballots --- where the image of the scan can then be made available to all on the Internet --- as the most secure and most transparent method of voting for the type of elections we have in these United States.

That may come as a surprise to advocates of Rep. Rush Holt's Election Reform bill, who have been pointing to the "Hursti Hack" as a way to suggest that op-scan tabulation is "just as bad" as Direct Recording Electronic (DRE) touch-screen voting systems. Holt's bill (HR811) would allow for the continued use of DREs, despite the continuing warnings from computer scientists, disabilities and minority rights advocates, and the Election Integrity community that the devices should be banned.

Hursti heartily disagrees with those Holt supporters and told us again that DREs are not safe for use in elections, with or without a so-called "voter verified paper audit trail." He's asked for us to help facilitate a meeting for him with Holt and his staff to discuss the matter, and we are attempting to do just that.

As well, Hursti's position may also come as a surprise to those who have pointed to the "Hursti Hack" in their call for 100% hand-counted paper ballots (HCPB) in American elections. While Hursti said he recognizes that such a system works well enough in other countries where ballots are much simpler, he feels the thousands of ballot styles and pages and pages of candidates and propositions would likely make all HCPB unwieldy here. By contrast, he explained that in Finland, voters go to the poll and cast a single vote for President as the only race on the ballot, which is simple enough to hand count on the night of the election.

He rattled off the many different systems of democracy in many different countries, from Europe to Asia, as well as a history of how America has come to its current mess, going back as early as the late 1800's to discuss the evolution of our modern day system in this country. Clearly, he's done his homework and is well worth listening to on these matters.

Hursti also gave high marks to California's new Secretary of State Debra Bowen for her recent announcement of "red team" hack testing for all of the state's currently certified electronic voting systems, as part of her "top to bottom review" of those systems. Other computer scientists and security experts have lined up to join in praising Bowen for this unique, first-of-its-kind attempt to finally test the security of these systems.

On the other hand, many of the state's elections officials have come out against such testing of their precious, hackable, un-transparent voting systems. And, surprise surprise, so has the Santa Cruz Sentinel --- the paper once owned by thankfully-former CA SoS Bruce McPherson --- in a laughable editorial late last week claiming that "paper ballots carry an even greater risk" than electronic voting systems, and that Bowen's planned test criteria is a "solution in search of a problem."

We're not sure what cave the Santa Cruz Sentinel has been living in, but we're guessing they've been sharing their hard tack and canned spam with their buddy, the gone-but-apparently-not-forgotten McPherson, the one responsible for certifying these god-awful systems in the first place for the state, despite mountains of evidence suggesting it was unwise. We're also guessing they've never sat down to chat with Harri Hursti.

Hursti's visit to Riverside, as we reported here last week, was in response to County Supervisor Jeff Stone's challenge last December that nobody could manipulate the county's Sequoia election system. After Hursti volunteered to take Stone up on that "1000 to 1" challenge, the county has been waffling ever since. So quite a few members of both the public and the press were on hand yesterday for Hursti's testimony before the "Blue Ribbon" panel.

Although Hursti traveled all the way from Finland, Stone and every other member of the Riverside County Board of Supervisors were apparently too busy to make it up the road to meet Hursti and listen to his presentation...

FEATURING: Our One-on-One Debriefing with the Finnish Computer Security Expert on American Elections, Rush Holt's Reform Bill, Debra Bowen, 'Black Hats,' and Why Elections Matter...Pre-details back here...

UPDATE: Story now posted here...

Harri Hursti is coming to Riverside County, home of County Supervisor Jeff "1000 to 1" Stone, he of the now infamous, if ill-conceived, "Riverside Hack Challenge".

Hursti, the Finnish computer security expert and hacker of Diebold voting machines past (see HBO's Hacking Democracy for but one example), will be testifying to and answering the questions of the "Blue Ribbon" commission empaneled by the county to investigate complaints about the administration of the 2006 election, as well as the the many expressed security and accuracy concerns about their Sequoia Edge touch-screen DRE voting systems.

Riverside is, proudly, the first county in the U.S. of A. to have made the mistake of moving to electronic balloting systems, but if they hurry, they won't be the last to dump 'em entirely.

The Sequoia voting systems in question would be the ones involved when Stone challenged Election Integrity advocates, on video tape, back in December, to bring in a programmer and "set up an appointment with one of our machines" in order to "verify that they can manipulate that machine."

"I'm gonna bet a thousand to one that they cannot do it...I'll make that challenge," Stone blurted out to the continuing dismay of his fellow Supervisors and County Registrar Barbara Dunmore.

And then, Hursti stepped in to accept the challenge. Stone has been wafflin', duckin', and dodgin' ever since (see this page for our complete hilarious special coverage of the "Riverside Challenge").

Hursti will testify at the commission's March 30th panel at 9am in Palm Desert, CA, at the Palm Desert City Hall, 73-510 Fred Waring Drive.

The hearing and testimony is open to both the public and the media, and --- as we are both --- we might like to drive down there ourselves if the gods are with us. But, despite Hursti's travels all the way from Finland, the gods haven't been with us much of late, and so we may or may not be able to make the few hours' drive. But we hope you will, if you're in the 'hood. And if so, let us know how it went!

Either way, we hope to have some video of the whole affair to post here afterwards at The BRAD BLOG if those pesky gods are even partly with us this time around.

UPDATE: VelvetRevolution.us --- (Disclosure: The BRAD BLOG is a co-founder of VR)-- is helping to raise funds to cover the expenses of DFA/Temecula Valley & SAVE-R-VOTE in covering expenses for Hursti's visit, and other costs related to their Election Integrity advocacy. Please click here to donate, and specify funds be earmarked for "Riverside Hack Challenge".

More details on Hursti's appearance in Riverside follow in a press release which we early-obtained from the good folks of the SAVE-R-VOTE project of DFA/Temecula Valley, and we're all too pleased to share it with you in full below...

California's new Secretary of State, Debra Bowen, has flatly rejected a request from Riverside County, CA County Supervisor Jeff Stone to participate in a "hack test" challenge originally proposed to Election Integrity Advocates in response to their concerns about security and accuracy for the county's electronic touch-screen voting machines, The BRAD BLOG has learned.

In a letter sent to Stone last week obtained by The BRAD BLOG (posted in full at the end of this article), Secretary Bowen found that though there was no state law to prohibit such a test, her office would not participate, in part due to the narrow restrictions initially insisted upon by Supervisor Stone.

In her reply to a letter sent in early January to outgoing Secretary of State Bruce McPherson just days before he would leave office, Bowen wrote, "I am not aware of any state law that would prohibit the type of security test that you described in your letter." Unlike Bowen, the former SoS had been seen as far more favorable towards relaxed security issues for electronic voting.

As The BRAD BLOG originally reported last December, Stone had initially challenged local Election Integrity advocates "a thousand to one," during a public hearing, that a programmer would be unable to "manipulate" the county's voting system.

In her letter to McPherson Bowen joined other computer security professionals who had previously rejected Stone's unilateral suggestions for ground rules, calling them "overly narrow," potentially giving voters a "false sense of security." Stone had written to the former SoS that just "15 minutes would be allotted" for the test and the programmer who accepted the challenge --- noted computer security expert Harri Hursti --- would be prohibited from using any tools or reaching around the back of the machine. "In every sense," Stone wrote, "he would be like any voter on Election Day approaching a voting unit at the polls."

Bowen, however, balked at Stone's unilateral ground rules, writing in response...

As well, Bowen also highlighted the point made by Election Integrity Advocates, computer security professionals, and even the Baker/Carter "Blue Ribbon" National Election Reform Commission that made the point that the greatest threat to e-voting security likely comes from election insiders, such as officials or poll workers who have been allowed to take pre-programmed, election-ready systems home with them in the days prior to the election as allowed by Riverside County.

Such insider access is seen as a far greater threat to security than that from voters on Election Day. As Bowen wrote in reply...

"We were looking for any impact the change to paper ballots may have had on New Mexico’s historically high undervote rate. When we found the dramatic drop in Native American precincts, we were shocked," says New Mexico's Theron Horton. The Election Defense Alliance (EDA) activist added, "something was going on with the DREs in those precincts in 2004."

Something indeed.

Details now out from New Mexico reveal that undervote rates dropped precipitously in both Native American and Hispanic areas after the state moved from DRE (Direct Recording Electronic touch-screen) voting systems in 2004 to paper-based optical-scan systems in 2006. In Native American areas, undervote rates plummeted some 85%. In Hispanic communities, the rate dropped by 69% according to the precinct data reviewed by EDA, VotersUnite.org and VoteTrustUSA.org.

Ellen Theisen, then-Executive Director of VotersUnite.org, reviewed the original high undervote rates in the state after the 2004 elections, but hadn't broken it down to compare DRE/touch-screen vs. Op-Scan precincts. "When I heard of Theron’s work," Theisen says in today's press release, "I performed the comparison, and found that it’s the paper ballots that made the difference in the minority precincts.”

New Mexico banned the use of DREs across the state after their disastrous experience with Sequoia touch-screen voting machines during the 2004 Presidential Election. They now require a paper ballot for every vote cast statewide.

As he signed the bill which banned DREs into law in early 2006, New Mexico's Gov. Bill Richardson wrote a letter to Election Officials in all 50 states, warning that while "some believe that computer touch screen machines are the future of electoral systems...the technology simply fails to pass the test of reliability."

"One person, one vote is in jeopardy if we do not act boldly and immediately," Richardson implored, while decrying the failures of DREs in his state and supporting paper ballots. "When a vote is cast, a vote should be counted," he wrote.

The BRAD BLOG has reported on the urgent need to ban disenfranchising DRE voting systems --- with or without a so-called "paper trail" --- from all American elections.

Here's an easy to understand graph from the short, two-page report [PDF] published on the New Mexico data over the weekend along with the raw data at VotersUnite.org:

Any questions?

San Francisco is considering "upgrading" their voting systems to use Sequoia machines. They are demanding that the company publicly disclose their software source code for all to see. It's called transparency. That's a good thing.

But Sequoia is refusing. Yesterday, there was another discussion/debate on the topic at an SF Board of Supes hearing. The San Francisco Examiner reported this laugh line from the Sequoia spokeshole:

For those just joining the fun, who may be unfamiliar with guffaw-worthiness of Bennet's claim about concern for the security of his company's shitty voting systems, we'll refer you to this small sampling of previous relevant BRAD BLOG articles:

• Pro E-Vote Professor Accidentally Hacks Sequoia Voting System
• Sequoia's 'Yellow Button' Allows Voters to Vote As Many Times as They Want
• Sequoia Spokesperson Against Hack Testing of Touch-Screen Machines in Riverside County, CA
• Princeton Prof. Buys Sequoia System on Internet, Hacks It in 10 Seconds

...Along with a heads up that we'll have more --- much more --- on Sequoia's "concerns" about the security of their voting systems (or lack thereof) in a detailed investigative report in the very near future...

Guest Blogged by John Gideon, with additional reporting by Brad Friedman

"We can take a version of Sequoia's software program and modify it to do something different --- like appear to count votes, but really move them from one candidate to another. And it can be programmed to do that only on Tuesdays in November, and at any other time. You can't detect it," Princeton's Professor of Computer Science Andrew Appel explains in New Jersey's Star-Ledger today.

Like Diebold's touch-screen machines before them, Sequoia's voting machines have now been found to be hackable in seconds by a Princeton University professor who says the systems could be "easily...rigged to throw an election." Someone may wish to let the folks in Riverside County, CA, know since County Supervisors there recently issued a "thousand to one" bet that their Sequoia voting systems couldn't be manipulated.

In the same report, it was revealed that an attorney has filed suit, claiming the Sequoia AVC Advantage Direct Recording Electronic (DRE) voting machines used in 18 of New Jersey's 21 counties were never reviewed by the state before they were improperly certified for use and that Princeton's Appel was able to acquire five Sequoia voting machines for only $86. The same machines were recently purchased by the state for $8,000 apiece.

According to the Star-Ledger...

Venetis argues that the state certification is in violation of NJ state law which says such systems must "correctly register and accurately count all votes cast," be "of durable construction" to be used "safely, efficiently, and accurately."

The lack of documentation and testing, however, is hardly the only problem, as reported by the paper today. "Had the machines been tested," Election Integrity advocates have found, "they would have proved to be a hacker's dream."

Princeton Computer Science Professor Andrew Appel revealed that he bought 5 of the Advantage voting machines from an on-line government equipment clearinghouse for a total of $86. Virtually identical machines were bought in 2005 by Essex County New Jersey for $8,000 per machine.

"Appel had to submit only minimal personal information and a cashier's check to close the deal," the Star-Ledger reports. He and his team then put the 5 machines to good use...

There were two fresh articles this week in the media on the Riverside Hack Challenge as initially reported by The BRAD BLOG after the throw-down by Riverside County Supervisor Jeff Stone to Election Integrity Advocates just before the holidays in early December.

You'll recall he bet "a thousand to one" that the county's touch-screen Sequoia voting system could not be hacked. He did so during a public meeting on video tape. If you don't recall, we'll summarize as briefly as we can. He challenged and the Election Integrity Advocates accepted, as noted voting machine hacker and computer security expert Harri Hursti agreed to take the challenge, and then Stone and the rest of the Riverside Supervisors began to go wobbly. Stone even went so far as to invent ridiculous, unrealistic, unilateral conditions for the hack test in a desperate letter sent to then-outgoing Secretary of State Bruce McPherson, in an apparent hope for a life line from the county's old, but now out-of-power, state ally up in Sacramento. He doesn't appear to have gotten one. The new SoS Debra Bowen's office has informally told The BRAD BLOG they see no legal hurdles to such an independent test of voting machine security.

But with internationally respected computer security experts such as Hursti and Dr. Herbert F. Thompson of Security Innovation (the author of some 12 books on the topic including How to Break Software Security: Effective Techniques for Security Testing and The Software Vulnerability Guide) and others having pointed out that Stone's unilaterally created conditions meant to simulate an attempted hack by a voter on election day were silly, unrealistic, and not the way such a penetration test would ever be carried out in the real world, Stone continues to cower behind them as reported by both media reports this week.

In doing so, Stone is tacitly admitting, of course, that his county's electronic voting systems --- which the Board of Supervisors and Riverside Registrar of Voters Barbara Dunmore have devoutly declared to be "secure" --- are, in fact, anything but.

They know damned well they are not. And their evidence-free claims to the contrary over the last 10 years or so are revealed as little more than unsubstantiated hot air now that their true lack of confidence in their own voting systems has been put on display for the world.

As they well know --- as do the Election Integrity advocates on the ground in Riverside --- the real threat to unsecured, hackable Electronic Voting Machines comes from insiders. That much has been written about time and again by computer security experts and in any number of reports on the topic. Even the biased and partisan and pro-electronic voting machine Baker/Carter Commission admitted as much when their final report on National Election Reform said, "Software can be modified maliciously before being installed into individual voting machines. There is no reason to trust insiders in the election industry any more than in other industries."

Revealed along with Stone's disingenuous "condition" in his letter to McPherson, that the hack tester may not "reach around the back of the machine" --- (Stone may have forgotten when he made his challenge initially that The BRAD BLOG had long ago reported that voters could vote as many times as they wanted on Sequoia touch-screen systems by merely pressing a yellow button on the back of the machine) --- the folks in Riverside have exposed themselves as knowing full well about the unreliability of their crappy, unsecured voting system.

Unless Stone allows a legitimate security penetration test to be held on his systems, as would occur in the commercial world for any such mission-critical, secure system, he is signaling to his constituents, the state of California, and America that even he has no confidence in the security of the equipment supplied to his voters to exercise their precious democratic franchise.

Two more reporters picked up the shameful tale this week in local media.

The Desert Sun's Nicole C. Brambila filed a short piece on Sunday headlined "Hacking debate gains traction" in which Stone and his pusillanimous peeps once again re-iterate the phony conditions for "no tools and no dismantling the machine. And, the hacker has to infiltrate the system in 15 minutes, the estimated time it takes a voter to do his or her civic duty."

We laugh knowingly in Stone's general direction. Even as he likely cries inside.

Of fresh note in Brambila's piece are these final grafs...

It may not be a very good day in the corporate offices at Diebold, but The BRAD BLOG has learned some big news that may well indicate today is a very good day indeed for the voters of America and specifically in California.

As incoming Sec. of State Debra Bowen was sworn in to her new office just moments ago, The BRAD BLOG can now reveal that one of the nation's top critics of unverifiable electronic voting systems --- and a key player across several states in the legal battles against voting machine companies such as Diebold, ES&S, Sequoia Voting Systems, and Hart Intercivic --- is today being named by the new California Sec. of State Debra Bowen as Deputy SoS for Voting Systems Technology and Policy.

Lowell Finley, the lead attorney for the non-partisan voting machine legal watchdog organization VoterAction.org, will be named to the position today.

In his new capacity, Finley will oversee testing and certification for all voting machine technology in the State of California. In a phone call this morning, Finley confirmed that he would be working closely in his new role with key national associations like the National Institute for Science and Technology (NIST) and the U.S. Elections Assistance Commission (EAC).

E-voting critics and at least one California Registrar of Voters have hailed both the swearing in of Bowen as SoS and her appointment of Finley, expressing delight to The BRAD BLOG over the news, characterizing it as a "colossal surprise" and a "very, very good sign for the future of voters' rights in California."

America's voting machine companies are less likely to feel quite as happy about the news.

Finley and VoterAction have filed a number of landmark lawsuits in several states, including in California, over the past year or so, demanding an immediate halt to the use and purchase of Direct Recording Electronic (DRE/touch-screen) voting systems and decertification of many of those systems, as well as improved processes for certification of such systems.

VoterAction is one of over 30 Election Reform organizations who recently went on record with an open letter to Members of Congress demanding federal legislation requiring a paper ballot for every vote cast in America. Such legislation would effectively ban the use of DRE systems, with or without a so-callled "Voter Verified Paper Trail" (VVPAT).

Bowen has been a dogged critic of former Secretary of State Bruce McPherson during her candidacy and in her role overseeing the Elections Committee as a California State Senator. She has criticized his lack of oversight and lax testing procedures, and has championed a "Voters' Bill of Rights" for the Golden State.

While a suit by VoterAction.org filed against former SoS McPherson and several CA Registrars of Voting --- concerning McPherson's certification of Diebold TSx touch-screen systems --- is still pending in state court, the disposition of that suit will likely change due to the fact that the lead defendant, McPherson, is no longer in office.

The Berkeley-based attorney Finley --- also one of the attorneys representing voter plaintiffs in the contested election in Florida's 13th Congressional district in Sarasota --- had one of his most recent and notable successes last September, when a Colorado judge ordered a complete review of certification procedures for voting machines in the state. The court found the official placed in charge of testing and certification didn't have the qualifications necessary, and performed little or no testing. That man, John Gardner, was appointed by former CO Sec. of State Donetta Davidson, who has been appointed by George W. Bush to head the U.S. Elections Assistance Commission.

The news of Finley's appointment will undoubtedly be of concern to the major voting machine companies that received little oversight from the former Sec. of State McPherson.

"I wish I was a fly on the wall in the offices at Diebold as they learn of this appointment. I'm sure jaws will be dropping and damage control will be ramping up," John Gideon of election watchdog organization VotersUnite.org told us today. (Gideon is also a frequent Guest Blogger here at The BRAD BLOG.) ...

In a letter obtained by The BRAD BLOG, Riverside County, California, Supervisor Jeff Stone attempts to move the goal posts concerning the ill-considered challenge he issued to Election Integrity advocates in December during a public, video-taped meeting.

The letter, sent by Stone on Wednesday to outgoing California Secretary of State Bruce McPherson, attempts to unilaterally create unrealistic (some might say desperate) conditions for a proposed hack test of the county's electronic touch-screen voting machines, made by Sequoia Voting Systems. When Stone initially issued the challenge, he included no such ground rules.

Computer scientists and security experts interviewed by The BRAD BLOG, as well as a number of reports and studies from nationally-recognized bodies, understand what Stone apparently doesn't: the major threat to voting machine malfeasance comes not from a voter walking up to a voting system on Election Day, but rather from insiders who are easily able to gain unsupervised access to the machines.

The letter to McPherson from Stone is posted in full at the end of this article.

As we reported in mid-December, Stone had challenged Election Integrity advocates from Democracy for America-Temecula Valley, during a public meeting of the County Supervisors, to bring in a programmer willing to attempt a hack of Riverside's voting system. His offer was simply "to set up an appointment with one of our machines and I’d like him or her [the programmer] to verify that they can manipulate that machine."

At the time, Stone also said that he was willing to "bet a thousand to one that they cannot do it." (A transcript of the entire, very brief exchange was posted in full in our initial report of the incident, along with links to two different video tapes of the encounter.)

The challenge was accepted the following week by the activists, who announced that noted Finnish computer security expert Harri Hursti had volulnteered to perform the tests. Hursti previously hacked a paper-based Diebold optical-scan voting system in Leon County, Florida, at the end of 2005, and helped to discover alarming vulnerabilities in Diebold touch-screen systems a few months later in Emery County, Utah.

At the same time, a number of other election integrity advocates announced they would stake $1000 for charity on the bet against Stone's $1 million.

Stone's challenge, as seen in the videos and transcript, specified no ground rules for the hack test, despite what Stone indicates in his letter to McPherson. The Secretary of State recently lost his election bid to the incoming Debra Bowen, who will take office this coming Monday. McPherson had been much criticized for his lax testing of voting systems and his close relationship with a number of voting machine companies such as Diebold. He had also been quite friendly with the all-Republican Board of Supervisors in Riverside, The BRAD BLOG has learned from sources on the ground. Bowen has been an outspoken critic of McPherson's rubber-stamp certification of electronic voting systems in the state as well as the lack of adequate security standards specified for their use.

In his letter --- notably sent to McPherson and not to Bowen --- Stone creates a number of ground rules which were neither specified at the time of the challenge, nor the norm for standard security and vulnerability testing of computer software and hardware. He incorrectly characterizes the December exchange with Election Integrity advocate Maxine Ewig this way, unilaterally creating absurd conditions for the testing in the process...

Tech Mag PCWorld named E-Voting #3 on their list of "The 21 Biggest Technology Mistakes of 2006"...

We've come a long way, baby.

And we also take year-end great pride in that folks look back on Princeton's Diebold Virus Hack as one of the seminal moments in this whole sordid affair. (The machine used in the research was a DRE/touch-screen system supplied to VelvetRevolution.us by a BRAD BLOG source and we then gave it to Princeton for their now-infamous study.)

First they ignore you.
Then they laugh at you.
Then they attack you.
Then you win.