Previously Unreleased 200-Page Report Said to Document Some 180 Security Flaws and Recommendations Made to Diebold and the State
Still Unclear as to Who Made Changes, Additions, Redactions to Publicly Released 40-Page Version of Report…
On Friday night, we broke Rebecca Abrahams's exclusive story concerning the long-sought yet never-released complete "Risk Assessment Report" of Diebold's electronic voting systems as commissioned by the state of Maryland from the Scientific Applications International Corporation (SAIC) in 2003.
Tonight, The BRAD BLOG is releasing that report exclusively in full as given to us by Abrahams, who says she obtained it from a source described to us as "a patriotic high-level state official." She says the source is "someone very close to this situation" in the Maryland government.
The original, never-before-released SAIC report was nearly 200 pages in all, and details a number of extraordinary security vulnerabilities found in Diebold's AccuVote-TS (touch-screen) voting systems as deployed by the state of Maryland initially in 2002. The version of the SAIC report that was eventually released to the public, after extreme redaction, was a mere 38 pages long.
It was reported by Abrahams that neither the full MD State Board of Elections, nor even the Governor himself, was ever allowed to see the full report.
Regarded by many in the computer science, security, and election integrity community as "The Pentagon Papers of E-Voting," the report as released by MD's State Election Administrator, Linda Lamone, was edited, changed, and, of course, highly redacted by someone.
To this date, it remains unclear whether or not Diebold itself was responsible for the changes, edits, and redactions, but according to several computer scientists and security experts with whom we discussed the matter today, the company currently seems to be the leading candidate responsible for changing and removing information from the independently commissioned SAIC report. Those with whom we spoke questioned the propriety of Diebold having such final control over an independent report concerning its own systems. Systems, we might add, that will be used across the state and indeed across the entire country this November 7th, despite the information withheld from the public in this 2003 report.
Also unclear --- since the state and virtually the entire computer science and security community have been unable to review the complete, original report until now --- is whether or not any of the various 180 or so recommendations for changes contained in the report have ever been addressed and corrected by either Diebold or the state of Maryland.
Myriad independent reports on Diebold systems have shown, over the last several months and years since the SAIC report was completed, that scores of serious security vulnerabilities still remain on Diebold's voting systems --- including their paper-based optical-scan voting machines, touch-screen voting machines, and even their central tabulator software.
Reports of these serious vulnerabilities have now been documented by Finnish computer scientist Harri Hursti, the computer security firm Security Innovation, and BlackBoxVoting.org in both Leon County, FL and then in Emery County, UT; by a team of scientists at UC Berkeley commissioned by the CA Sec. of State; by Princeton University; and even by the U.S. Department of Homeland Security's Computer Emergency Readiness Team (as The BRAD BLOG originally reported in September of 2005 after a tip from a Diebold insider).
Whether or not the vulnerabilities revealed in those subsequent studies --- made mostly over the last year or so, but some, such as the Dept. of Homeland Security's CERT alert came even prior to the 2004 Presidential Election --- were discovered previously in the full 2003 SAIC report has been widely questioned until now.
If, in fact, such vulnerabilities were indeed found in 2003 by SAIC but subsequently kept covered up by Diebold or their allies within the MD State Elections division, such as longtime booster Lamone, the question of accountability --- and even the specter of malicious out-and-out fraud --- has been raised.
During an interview with Abrahams and Stephen Spoonamore, the CEO of computer security firm Cybrinth Inc., on a radio program we co-hosted yesterday, they suggested that an FBI investigation may currently be under way in Maryland concerning several events surrounding the use of Diebold machines in the state.
We've not yet had time to review the entire unredacted report as posted below. However, given the importance of this never-before-released information --- and after close consultation with Abrahams and several others --- The BRAD BLOG feels the national public interest in the information contained in this report requires full and immediate release and disclosure.
The report, therefore, is released here for the first time...
--- Click here for REST OF STORY!... ---