Sec. of State Bruce McPherson, 18 County Registrars Named as Defendants
Violations of State, Federal Laws Alleged, State Senator Releases Comment Condemning McPherson, Outlining Violations
By Brad Friedman on 3/21/2006, 1:46pm PT  

As The BRAD BLOG broke yesterday, a lawsuit has today been filed in San Francisco Superior Court demanding that California Sec. of State Bruce McPherson follow state and federal law in regards to his recent re-certification of Diebold voting machines in the state.

McPherson is named, along with 18 California county registrars, as defendants in the suit which calls for a ban on the use an new purchase of Diebold voting machines in the state. The suit was filed by VoterAction.org on behalf of 25 California voter/plaintiffs.

-- Here is a complete copy of the lawsuit file today [PDF]

Reuters originally reported on the story an hour or so ago as "Diebold Inc. sued over California voting systems". That headline is, in fact, incorrect. They have now reissued the story with the more accurate headline "California sued over Diebold voting systems".

The lawsuit against Diebold, we imagine, will come later after California is ready to admit how they've been screwed by the company and they try to recover the millions they've lost in betting on the wrong horse.

VoterAction is the non-profit organization who brought the actions that led to both the decertification of Diebold in California in 2004 and, more recently, the ban on the purchase of Sequoia voting machines in New Mexico (which led to a new law in the state requiring a paper ballot for every vote cast.)

We're short on time today, and haven't even been able to review the complete suit yet, so we'll let State Sen. Debra Bowen's press release in regard to the lawsuit, do the reporting for us since she's generally nailed all the factual basis for the complaint and explains exactly how McPherson's certification of Diebold is in violation of several state and federal laws.

Bowen, who is running herself for Sec. of State this year, also presents a very useful timeline in the release, explaining how we got here in the first place, and how it is that McPherson seems to have simply disregarded the law in favor of his good friends at Diebold.

Remember, as goes California (or as Diebold likes to call it, "America's largest voting market") goes, so goes the country...In other words, this suit is much bigger than just California...

FOR IMMEDIATE RELEASE: March 21, 2006
CONTACT: Evan Goldberg, (916) 651-4028/(916) 215-5953

BOWEN COMMENTS ON LAWSUIT FILED AGAINST SECRETARY OF STATE FOR HIS DECISION TO CERTIFY DIEBOLD VOTING MACHINES IN CALIFORNIA

SACRAMENTO ? The non-profit group Voter Action filed a lawsuit today in San Francisco Superior Court against Secretary of State Bruce McPherson, asking the court to reverse the Secretary's decision to re-certify the Diebold TSx electronic voting machine for use in California. The suit was filed on behalf of 25 California voters, including Dolores Huerta of the United Farm Workers and Bernice Kandarian of the California Council of Citizens with Low Vision.

Senator Debra Bowen (D-Redondo Beach), the chairwoman of the Senate Elections, Reapportionment & Constitutional Amendments Committee, has been arguing for over a month that the Secretary of State's February 17 decision to re-certify the Diebold system for use in California violated state law.

"The lawsuit puts the spotlight on the question of whether the Secretary of State has the power to ignore the law when it comes to certifying voting equipment for use in California," said Bowen. "California law requires voting machine makers to comply with the EAC and FEC standards, but the Diebold machines fail that test because they rely on interpreted code to operate. The law also requires the paper trail to be accessible to visually-impaired voters, which the Diebold machines also fail to do. The Secretary bungled the Diebold re-certification application by ignoring the law and refusing to make key information public, such as an internal study that found 16 security flaws in the Diebold machines, until after he'd decided to re-certify Diebold for use in California."

According to Bowen, the Diebold TSx fails to comply with two California laws. First, the law requires the accessible voter verified paper audit trail (AVVPAT) that all direct recording electronic (DRE) machines are required to produce to be accessible to visually-impaired voters. However, the Diebold TSx simply reads back how a person's vote was electronically recorded, not how it was recorded on the AVVPAT, making the Diebold AVVPAT useless for visually-impaired voters. Second, the law requires all machines to comply with the voluntary standards established by the Federal Election Commission (FEC) and the Election Assistance Commission (EAC). Those standards prohibit the use of machines that rely on "interpreted code" to operate, and the Diebold machines rely on interpreted code to function. In addition to those two laws, the lawsuit alleges the Secretary of State violated five other provisions of law when he re-certified the Diebold TSx.

"The Secretary of State let the tail wag the dog during this entire process now the voters have decided to call him on it," continued Bowen. "He waited too long to order the voting machine vendors to submit their certification requests to him for review. Then, when faced with the choice of upsetting Diebold and the counties or ignoring both the law and the voters, he opted for the latter and dared someone to sue him in order to enforce the law. As the lawsuit makes clear, the Secretary of State gave Diebold the green light to sell its machines in this state even though its machines don't meet the standards we put into law on a unanimous, bi-partisan vote two years ago."

Following is a timeline of the important dates and actions related to the Secretary of State's decision to re-certify the Diebold voting systems:

August 3, 2005 ? Secretary McPherson announced, "All systems certified by the Secretary of State's Office shall comply with the standards and requirements of the Help America Vote Act of 2002 (HAVA) [Public Law 107-22, 106th Congress], including all requirements, standards and regulations promulgated pursuant to authority derived from HAVA, as well as complying with all other applicable requirements and standards explicit in federal and state laws, and any requirements, standards and regulations deriving authority from federal and state laws." This means all systems certified for use in California have to comply with the 2002 Voting System Standards adopted by the FEC and the EAC that ban the certification of voting machines that contain interpreted code.

October 3, 2005 ? The Diebold system is federally qualified and is assigned NASED number N-1-06-22-22-002. However, as the Secretary notes on December 20, this review and qualification failed to look at the machine's memory cards.

November 21, 2005 ? Secretary McPherson conducts a public hearing on Diebold's application to have its voting systems re-certified for use in California. Although the Secretary's staff report recommends re-certifying the machines, no decision on re-certification is reached due in part to concerns raised during the hearing.

December 20, 2005 ? Secretary McPherson announces he won't consider approving the Diebold systems until the ITA acts on his request to review the Diebold memory cards. He states, "During a thorough review of the application for the Diebold system currently pending certification, we have determined that there is sufficient cause for additional federal evaluation. I have consistently stated that I will not certify any system for use in California unless it meets the most stringent voting system requirements." Attached to his statement is a letter from the chief of the Secretary's Elections Division to Diebold stating, "We require this additional review before proceeding with further consideration of your application for certification in California. Once we have received a report from the federal ITA adequately analyzing this source code, in addition to the technical and operational specifications relating to the memory card and interpreter, we will expeditiously proceed with our comprehensive review of your application."

January 1, 2006 ? Two key provisions of SB 1438 (Johnson) of 2004 take effect. The first requires each direct recording electronic (DRE) voting machine used in the state after this date to come with an accessible voter verified paper audit trail (AVVPAT). The law requires the information from the AVVPAT to be provided to the voters in both a visual and a non-visual method, such as through an audio read-back of the AVVPAT. The second requires each DRE system to receive federal qualification, which is defined by California law as meeting or exceeding the standards set by the FEC, EAC, or the National Institute of Standards and Technology (NIST).

January 18, 2006 ? The Secretary of State's staff, in a hearing of the Senate Elections, Reapportionment & Constitutional Amendments Committee, publicly announces that the state process for certifying voting machines can't begin until the federal process is completed. The Secretary of State's staff notes it won't begin the process of determining whether the Diebold machines should be re-certified until the ITA responds to the Secretary's December 20, 2005, request for further testing.

February 17, 2006 ? Secretary McPherson announces that he has re-certified the Diebold machines despite the fact that the ITA report he requested in December hasn't been completed. The Secretary explains he made his decision after receiving a yet-to-be-released report conducted by his own Voting Systems Technology Assessment Advisory Board (VSTAAB).

February 17, 2006 ? After issuing his certification order, Secretary McPherson releases the VSTAAB report, which is dated February 14, 2006. Prior to its release, there was no public notice that such a report was being developed or would be the basis for the Secretary's decision. The report concludes there are a minimum of 16 security flaws in the Diebold machines, noting, "These bugs would have no effect at all in the absence of deliberate tampering, and would not be discovered by any amount of functionality testing; but they could allow an attacker to completely control the behavior of the [voting machine]. An attacker could change vote totals, modify reports, change the names of candidates, change the races being voted on, or insert his own code into the running firmware of the machine." The report also notes the Diebold machines rely on interpreted code, stating, "Interpreted code in general is prohibited by the 2002 FEC Voluntary Voting System Standards, and also by the successor standard, the EAC's Voluntary Voting System Guidelines due to take effect in two years. In order for the Diebold software architecture to be in compliance, it would appear that either the AccuBasic language and interpreter have to be removed, or the standard will have to be changed." The FEC standards that ban the use of interpreted code are the very standards the Secretary pledged to follow on August 3, 2005.

February 22, 2006 ? Senator Bowen writes to Secretary McPherson, calling on him to reverse his February 17 decision to re-certify the machines. The letter states the Secretary's decision is: 1) Contrary to his August 3, 2005, promise not to certify machines that don't comply with all federal guidelines and regulations; 2) Contrary to his December 20 statement to wait for the ITA to complete its tests of the Diebold memory cards; 3) Contrary to state law requiring any machine that's certified for use in the state to also be federally certified (although technically the Diebold machines have a federal certification number from October 3, 2005, the Secretary himself pointed out on December 20, 2005, that the certification didn't review the Diebold memory cards, which is why the Secretary sent them back for review); 4) Contrary to the state law requiring all direct recording electronic voting machines to have an accessible voter verified paper trail that provides a visually-impaired voter with an audio read-back of what's recorded on the paper trail; and 5) Out of compliance with the law requiring a public hearing on a voting system because the report upon which the Secretary's approval was based wasn't prepared or released until nearly three months after the original public hearing.

February 28, 2006 ? Secretary McPherson releases the ITA report ? dated February 23, 2006 ? from CIBER on the Diebold memory cards. The report notes the Diebold system uses interpreted code ? something banned by the FEC standards the Secretary said on August 3, 2005, he would follow. The report also identifies at least three security vulnerabilities and a number of requirement violations. The report notes, "Certain vulnerabilities in this report may require a portion of the code to be modified in order to correct the vulnerabilities identified. To ensure that the efforts to correct vulnerabilities do not introduce new vulnerabilities, CIBER strongly recommends retesting of the remediated code prior to its migration to a production environment." The report also states, "Error handling appears to be adequate for a system that executes in a perfect running environment. However, the interpreters do not have the proper degree of effort checking to identify or recover from key failures in a damaged, altered or dysfunctional environment. Our reasoning for increasing the security on the code is because the object code traverses potentially untrustworthy hands . . . Since the object code is on the memory cards being distributed, it is a prime target for potential tampering."

###