Several Counties 'Locking Down' Machines as Company Promises Last Minute Software Fix Just Before Upcoming Primary Election
Election Integrity Advocates Suggest Warning May Stem from Recent Independent Voting Machine Analysis Revealing Major Security Flaws in Diebold Hardware and Software
By Brad Friedman on 5/4/2006, 12:27pm PT  

Just weeks before their May 16th Primary Election, the Pennsylvania Sec. of State, Pedro Cortez issued a Security Alert late Tuesday concerning a "potential security vulnerability" in Diebold electronic voting machines which could " allow ''unauthorized software to be loaded on to the system." The warning was revealed yesterday at a meeting in Schuylkill County.

Details about the warning are still sketchy this morning, and we're trying to learn more, but The Morning Call is reporting today that the "glitch" was "found" by Diebold and counties are now being instructed to lock down systems and seal the memory cards into them.

A "fix" is said to be on its way from Diebold, though that begs the question of whether the last-minute software patch will be certified by federal and/or state authorities before it's installed on machines that have already proven to be vulnerable to hackers and other failures.

(As regular BRAD BLOG readers know, even if the software is inspected by federal authorities before being installed in machines, there is no guarantee that those authorities will find the bugs and illegal code that Diebold is quickly becoming famous for. The federal so-called "Independent Testing Authority" (ITA) is paid for by the voting machine company's themselves and has overlooked gaping flaws in software submitted by the vendors for years).

Says the Morning Call today about the security warning...

A ''potential security vulnerability'' in machines sold by Diebold Election Systems Inc. of McKinney, Texas, could let ''unauthorized software to be loaded on to the system,'' Pennsylvania Secretary of State Pedro Cortez said in a warning issued to the counties.
...
Schuylkill County Commissioner Mantura Gallagher revealed the alert at a meeting Wednesday.
...
Gallagher said she and Schuylkill Election Bureau Director Elizabeth Dries discussed heightened security.

''We are going to do everything we can to make sure these machines are not touched by anyone before the voters begin to vote,'' Gallagher said. Dries will ''have these machines under complete lockdown. She is using some for training, but will clear the systems and have them programmed again and that's when they are going to go into lockdown.

As we try to learn more, regular BRAD BLOG Guest Blogger, John Gideon of VotersUnite.org, sends in some of these questions, "What is this ''potential security vulnerability'? Does it affect other Diebold machines in other states? Why has there been no press release? If they are going to be adding software fixes why does that fix not have to be federally tested and certified before it is installed on PA's machines?"

We're hearing word from Election Integrity advocates on the ground in PA that the problem found is a "major" one and may relate to issues recently revealed in Emery County, UT. The advocates had alerted PA officials to the problems last week (Diebold, of course, doesn't seem to have done so. Emery's County Clerk, Bruce Funk recently allowed a security team organized by BlackBoxVoting.org to inspect Diebold's AccuVote TSx (touch-screen) voting machines.

Though the team has yet to issue their final report, early word from the team revealed a host of troubling problems, including mis-matched software, questionable memory usage, used machines re-packaged as new, electrical hazzards and a proclivity for paper jams on the "voter-verified paper trail" printers.

Funk, who had been Emery County's elected clerk for 23 years, has since been forced out of his job by state officials after allowing the independent security analysis of those machines which he was forced to use by the Utah Sec. of State. (Listen to Brad's radio interview with Funk here [MP3].)

Diebold's voting systems, both touch-screen and optical-scan were found to be hackable in a mock election test in Leon County, FL last December which flipped the results of an election without a trace being left behind. The discovery prompted an independent security analysis by a team commission by CA Sec. of State Bruce McPherson (a Diebold supporter) which confirmed the problem and found 16 more bugs categorized as a "more dangerous family of vulnerabilities" that "go well beyond" what was revealed in Leon County.

In elections held this past Tuesday around the country, massive failures of Diebold voting machines caused problems in several jurisdictions including Cuyahoga County, OH and Barry County, MI. The problems have forced Elections Officials to count scores of thousands of ballots and "paper trails" by hand.

One bit of poor reporting by the Morning Call needs to be pointed out here as well:

Counties bought the machines to comply with the federal Help America Vote Act, passed in 2002 after voting problems in Florida in the 2000 presidential election. The law forbids counties nationwide from using lever machines or paper ballots to conduct federal elections because they are deemed unreliable.

That is patently incorrect. The law does not deem such non-electronic voting devices to be "unreliable" or "forbid" their use as far as we know. Paper ballots are still being used in jurisdictions around the country, including at least seven counties in California who have recently announced they will use paper ballots instead of the Diebold systems they had planned to use previously, due to the continuing problems revealed in Diebold voting systems.

As well, a lawsuit was recently filed against CA SoS McPherson and the county's who had been planning to use Diebold touch-screen systems. A similar suit, The BRAD BLOG has learned, may soon be filed in Pennsylvania.

UPDATE 5/5/06: MAJOR UPDATE TO THIS STORY NOW POSTED HERE...