Harri Hursti --- The Lead Programmer Who Hacked Diebold Systems in Both Florida and Utah --- Looking Forward to Testing the Security Vulnerability of Riverside County's Systems!
Election Integrity Individuals, Group, Stake $1000 for Charity on Supervisor Jeff Stone's Offer!
By Brad Friedman on 12/12/2006, 3:47pm PT  

An expert computer security programmer who successfully manipulated the results of a mock election held on a Diebold optical-scan voting machine in Florida, as well as finding major security vulnerabilities on a Diebold touch-screen system in Utah, has agreed to meet a public challenge to "manipulate" a Sequoia voting system in Riverside County, California.

Finnish computer security expert Harri Hursti, who along with Dr. Herbert H. Thompson
of Security Innovation accomplished the landmark Diebold voting machine manipulations, has agreed to meet the open challenge put forward by Riverside County Supervisor Jeff Stone during a video-taped public board meeting last week.

Several national Election Integrity individuals, along with the non-partisan watchdog organization VelvetRevolution.us, have agreed to stake $1000 to meet Stone's "thousand to one" bet that the county's voting machines, made by Sequoia Voting Systems, can indeed be manipulated.

As The BRAD BLOG reported last week, the gauntlet was thrown down at the county's Board of Supervisors meeting when, during the public comment period, Stone issued his challenge to Maxine Ewig, an Election Integrity advocate from the SAVE R VOTE project of Democracy for America (DFA) - Temecula Valley.

(Our original story linked to a video of the exchange as posted on the County's website. A different camera angle on the challenge, revealing an interesting expression or two from the County's Executive Officer, Larry Parrish, is now posted here in Streaming Flash Video, appx. 2 and a half minutes.)

The SAVE R VOTE members were on hand at the meeting to express a series of concerns about the security and accuracy of the county's voting systems in light of problems which plagued the county's 2006 election. The county has decided to create a "Blue Ribbon Commission" to look into reported problems, but announced today that they will not be including any of the Election Integrity advocate citizens from SAVE R VOTE on the panel.

After denials from several Supervisors that there were serious security concerns in their voting systems, DFA's Maxine Ewig had informed the board during the public comment period last week that she had been told by a programmer that they "had not seen any machine or program that could not be manipulated."

In response, Stone interrupted to make his challenge, offering "to set up an appointment with one of our machines" in order to "verify that [a programmer] can manipulate that machine."

"I'm gonna bet a thousand to one that they cannot do it," Stone said, before adding, "we should bring the media in" to witness the attempted manipulation.

It wouldn't be the first time Hursti hacked a voting system in front of the media. Both he and Thompson were seen performing a now-infamous Diebold optical-scan system hack in Leon County, Florida, in the recent HBO documentary film Hacking Democracy.

Hursti, writing to The BRAD BLOG from Shanghai where he is currently working on another project, decried the lack of "hack testing" for electronic voting systems now used across America and welcomed the opportunity to test Riverside's Sequoia system.

"It is important that all vendors' makes and models are tested against obvious attacks," he wrote.

Prior to the final confirmation of Hursti's agreement to participate in the hack test, DFA - Temecula Valley issued a press release this morning lauding Stone for the opportunity being presented for independent experts to test the county's voting system vulnerabilities. (Complete press release posted at end of this article.)

In an email sent to The BRAD BLOG earlier today, Ewig wrote that she was "pleased [to have] Hursti's commitment to come to Riverside County to demonstrate the vulnerability" of the Sequoia systems.

Security Innovation's Thompson --- who worked with Hursti, along with election watchdog group BlackBoxVoting.org, on the hack of the Diebold optical-scan system in Leon County, FL, last December as well as the touch-screen system last March in Emery County, UT --- was also excited at the opportunity to examine Riverside's voting system....

"It's fantastic that we in the computer security community are now actively being given a chance to vet these machines," he told us in a phone call earlier today.

Thompson, who was recently named one of the "Top 5 Influential IT Security Thinkers" for 2006 in the December issue of the well-respected computer security journal SC Magazine, believes the notion of allowing independent testing of such systems can have only a positive effect.

"Until we have security standards around voting hardware and software, open challenges are a great step forward in giving citizens confidence in the voting process," he said.

As the voting machine company Diebold has received the bulk of national attention surrounding security issues in light of several recent hacks (here, here and here) and reports (here, here and here) on security vulnerabilities in their electronic voting equipment, Thompson is eager to see similar attention given to voting systems from Sequoia.

"All the attention that's been paid to Diebold really brings out the bigger issues of the lack of security standards," he explained. "Being able to test and verify a different system is going to be a valuable litmus test for judging the current security procedures [used] for certification of the systems now in place and how those need to change."

The Voting Machine Companies in America have maintained their hardware and software is proprietary and have continually disallowed any independent investigation or testing of their systems, even by officials who use their systems at the federal, state, and local levels.

DFA's Tom Courbat, an activist who was instrumental in exposing the "yellow button" issue on Sequoia touch-screen machines just prior to the November election (allowing a voter to put the machine into manual mode and vote as many times as they like), sees the opportunity as "historic" and "saluted" Stone for "his generous offer to make a Sequoia voting machine available for security breach testing, in public, with the media present."

Courbat, who once worked as the Finance Director for Riverside County --- the first county in the nation to implement touch-screen voting --- said this is "the boldest step ever offered by a local official on a governing board with regard to voting machine security."

"This is truly one of the most important moments in local government history," he said today upon confirmation of Hursti's agreement to participate in the testing. "Finally, a member of a legislative governing body in the county of Riverside is taking a giant step to enhance transparency in local government. The first steps were taken by [Leon County, FL, Supervisor of Elections] Ion Sancho and [Emery County, UT Election Clerk] Bruce Funk. In both cases, the vulnerability of the machines was demonstrated with ease."

Funk was pushed out of his 23-year elected position in Utah after he allowed Hursti and Thompson to inspect the Diebold TSx touch-screen systems the state had forced Funk to employ for the 2006 elections. The tests in Utah revealed several major vulnerabilities characterized by computer voting experts as "the most severe security flaw ever discovered in a voting system" (New York Times), "the worst-case scenario" (Associated Press) and "a major national security risk" (BRAD BLOG). We interviewed Funk on the radio shortly after the incident while guest hosting on Peter B. Collins earlier this year. That interview can be heard here.

Sequoia's voting system has already shown itself to be vulnerable to manipulation. Earlier this year, while demonstrating security features in Sequoia's system for the state of Pennsylvania, Carnegie-Mellon professor Dr. Michael Shamos, a supporter of electronic voting, accidentally hacked Sequoia's tabulator computer. As a result, Pennsylvania ended up using Diebold systems, which they subsequently were forced to sequester and quickly attempt to patch after the Emery County, UT, test revealed the newly discovered vulnerabilities just prior to the state's primary election last spring.

Details on the arrangements for the testing have yet to be worked out. However, shortly after the news of Stone's offer last week, five different national leaders in the field of Election Integrity (who have requested anonymity) each offered to put up $100 towards the challenge. The non-partisan Election Integrity organization VelvetRevolution.us has agreed to match that amount for a total of $1000 to be put up against Stone's $1 million --- as based on his "thousand to one" bet offer. Both VR and the individuals have agreed that any winnings from the wager will be given to charity.

(DISCLOSURE: The BRAD BLOG is a co-founder of VR.)

We have left a message with Stone asking for comment and hope to hear back from him. We'll update this story with any comment when and if we do.

Other members of the Board at last week's meeting expressed a great deal of confidence in the county's voting system, suggesting that Riverside has held election after election with few, if any, reasons to have concerns about the results produced by their Sequoia voting machines.

"I hope that the Riverside County Board of Supervisors will be as visionary as one of their members, Jeff Stone, in supporting Mr. Stone’s offer to test the security of the voting system in Riverside County," Courbat wrote to us this afternoon. "Regaining voter confidence calls for nothing less."

This morning's press release from DFA - Temecula Valley follows in full...

December 12, 2006 8:50 a.m.

SAVE R VOTE* Responds to Supervisor Jeff Stone’s offer to “verify they can manipulate the [Riverside County Sequoia Voting] machine”.

Offer Accepted.

At last week’s Board meeting, Supervisor Jeff Stone challenged Maxine Ewig of SAVE R VOTE to bring in a computer programmer to attempt to “manipulate the [Sequoia voting] machine”. He made the challenge twice, going so far as to bet “1,000 to 1” that it couldn’t be done.

SAVE R VOTE has consistently expressed concerns about the lack of a proper and perpetual chain of custody and security of the voting machines and the memory cards upon which the votes are electronically recorded. Further, we have expressed concerns regarding voting machines spending several evenings prior to Election Day in locations that cannot be legitimately designated as secure from tampering.

SAVE R VOTE has received widespread interest from a number of computer experts. We are pleased to announce that a notification of commitment has been received from a computer programmer who will take on this challenge, in public, in front of media cameras and reporters, as Mr. Stone suggested. Details are being finalized and will be announced in the very near future.

We welcome Mr. Stone’s offer and commend him on his forward [out-of-the-box] thinking. This demonstration of transparency will publicly answer questions about the county’s voting system, and by welcoming the media, voter confidence may be restored.

We believe the county wins either way – if the machine cannot be manipulated, the voters can feel more confident in using the e-voting machines; if it can be manipulated, it can become a point of departure in looking at ways to shore up the system or consider alternatives. With the upcoming presidential primary election only 18 months away, the conduct of this examination allows just enough time to make whatever changes might be dictated by the outcome. Again, we commend Supervisor Stone for extending this opportunity and we look forward to this [voting system] computer security demonstration.

*SAVE R VOTE is a project of Democracy for America – Temecula Valley