After Finding Diebold's Tabulator Had Secretly Deleted Ballots from '08 Election, Humboldt's Election Chief Rushes to Buy New System From Different Vendor Without Adequate Public Discussion Period, According to Election Advocates
State-Commissioned Studies Find Hart InterCivic Ballot Scanners Vulnerable to 'Simple Attack', 'Malicious Alteration of Vote Totals'...
By Brad Friedman on 12/19/2008, 1:05pm PT  

Following the discovery of hundreds of ballots deleted by Diebold's paper ballot op-scan system in Humboldt County, CA, the county's election chief Carolyn Crnich has finally decided to dump Diebold all together. That's the good news.

The bad news, as longtime local election integrity advocate Dave Berman detailed this week, is that Crnich has decided to jump out of the frying pan, and into the fire with a different op-scan system, made by a different private vendor, using similarly secret software, with many of the same problems found in the crappy Diebold system she's finally tossing over the side.

A spokesman for Hart InterCivic, the private Austin, TX company which makes the paper ballot op-scan system Crnich is hoping to use, defended the county's planned move, though he had to make some erroneous claims to The BRAD BLOG in order to do so...

The options for e-voting systems are admittedly not good for any election official these days, given the untested, consistently failing crap that's been allowed for use by federal and state officials. But it seems that Crnich may be rushing into yet another mistake by disallowing the public a chance to offer input into the newly chosen, badly flawed system made by Diebold competitor Hart InterCivic.

Berman says the decision is being made too quickly, and calls the selection of Hart a "false alternative to Diebold"...

Whatever the supposed relative merits may be for Hart compared to Diebold, this is the epitome of a false alternative, the appearance of choice in a no-win situation. We will still be using an accuracy-challenged proprietary and secret system found vulnerable to undetectable manipulation by California's Top To Bottom Review, Ohio's EVEREST study, and Colorado's Secretary of State.

Berman quotes Crnich from a recent Wired article, admitting to her earlier failures to listen to folks like Berman and others who'd warned her about Diebold (now renamed Premier) voting machines:

"I've always sort of listened to those anecdotal incidents with a jaundiced ear because California has some very stringent requirements of election systems that are in use here as well as some very strict security procedures and I didn't think those things affected us here," she said. "But this has sort of put a cloud over any confidence that I had in the Premier equipment that's been in this department since 1995."

He goes on to argue that it might be good if, this time around, Crnich took the time to listen to the folks who'd warned her about Diebold/Premier in the first place, years ago, before opting for yet another system with many of the same problems.

"I can only think to call this a bittersweet irony," writes Berman. "After years of urging the immediate abandonment of Diebold equipment, now Humboldt County can't drop the hot potato fast enough," he says, before detailing just some of the known problems with Hart InterCivic's paper ballot op-scan system, as revealed by several studies commissioned recently in a number of states.

From California's 2007 "Top-to-Bottom Review" (TTBR) tests of the Hart eScan voting system:

[The "Red Team" security testers were able] to maliciously alter vote totals with the potential to affect the outcome of an election. These attacks were low-tech and required tools that could be found in a typical office.
...
The Red Team implemented an attack devised by the 2007 TTBR Hart Source Code Team that was able to extract election-sensitive information from the eScan and issue administrative commands to the eScan. The leaked information would allow an attacker the ability to execute further attacks, while administrative commands issued to the eScan could erase electronic vote totals and audit records from an eScan while putting it out of service for the remainder of the Election Day.

Ohio's 2008 EVEREST testing confirmed CA's findings, and offered additional troubling concerns, such as:

We were able to exploit a number of vulnerabilities in the eScan that could give election insiders the ability to compromise election results and voter privacy. Some of these were a result of a lack of physical security. We were able to replace the eScan's internal flash memory card containing the eScan executable and configuration file with only a screwdriver in about 2 minutes. After replacing the card, we were able to boot the eScan into the Linux operating system. This simple attack gives a single poll worker with a few minutes of unobserved access to the eScan the ability to undermine all votes cast at a precinct...
...
We discovered that with a handheld device such as a Palm computer, an attacker with an Ethernet cable can mimic the actions of SERVO to the eScan during a live election, and cause the vote records and audit logs to be erased from both the eScan's internal memory and the MBB inserted into it (EVEREST 20.3.7). Any voting that had occurred on the eScan to that point would be erased, necessitating a manual recount.
...
Autovote could be used in tandem with the eScan's duplicate ballot feature to perform a ballot stuffing attack. Using Autovote ballots is advantageous over using photocopies, as each Autovote ballot has a unique serial number, and thus cannot be differentiated from legitimate votes in an audit.

Hart is Currently a Dead End in California...

Election watchdog organization VotersUnite.org's John Gideon (a frequent BRAD BLOG guest blogger) notes an additional concern about the move to Hart's system: The company has decided it will no longer participate in the U.S. Election Assistance Commission (EAC)'s federal e-vote testing and certification program.

"The selection of Hart is a bit strange in light of the fact that Hart has removed themselves from all EAC certification testing," he writes, explaining that Humboldt, "will not, in the future, have a voting system that has been tested to the voting system standards and certified by the EAC."

Given that California requires all systems used in elections be first federally certified, it seems that Crnich may be choosing a dead end with the Hart system. Changes or modifications to the software or hardware that may be needed for Humboldt will not be able to be implemented, since they will not be certified at the federal level, as required by CA law, if Hart continues to refuse to participate in the federal program.

Hart spokesman Peter Lichtenheld, however, takes exception to Gideon's characterization of his company's current lack of participation in the EAC's testing and certification process and tells The BRAD BLOG that their participation in the program may change in the future, though he's forced to use some fairly hefty spin to make his case.

"It is not correct to say that we are no longer participating in the EAC program," Lichtenheld wrote in response to our inquiry. "The EAC is currently developing and tweaking a certification process. We've chosen to let others invest in this and when there is clear direction and proof that the process works, we'll make the decision about sending our new products through it. In the meantime, we are participating with the EAC everywhere we are allowed to give input to help improve the process for our future products."

Lichtenheld is referring to the EAC's new testing process which is far more thorough than their previous program, which had been run by the National Association of State Election Directors (NASED), and which had allowed faulty systems, such as Hart's, and the Diebold system which failed in Humboldt, to receive federal approval in the first place. The recently revamped EAC process has been criticized by election officials and vendors as taking too long to approve new systems, while election advocates have lauded the more stringent and somewhat more open testing procedures.

Why Hart believes they should have "input to help improve" a supposedly independent, federally-run testing process is unclear. The testing of voting systems, previously carried out by private labs, chosen and paid for by the private companies themselves, which included completely secret testing, has now been changed by the EAC to be more independent of those companies. Those changes led to the withdrawal of Hart from the process.

Lichtenheld went on to add that while his company may re-enter the EAC program in the future, their lack of participation currently doesn't mean they can't do business in CA, but his comments on that point were inaccurate.

"Not having a system in the current EAC pipe today has nothing to do with (1) being able to sell to CA counties today, (2) what we'll have in the EAC pipe in the future and (3) our ability to work with the state to deliver incremental changes (which the state has the power to do). We do have a pathway forward for our customers," he wrote.

But while Lichtenheld is correct that Hart may still do business in CA, he is wrong about being able to "deliver incremental changes," since they must be approved by the EAC first in CA. In a followup phone call with him this afternoon, Lichtenheld admitted that they'd not be able to upgrade any systems in CA unless they either re-entered the EAC program or the CA legislature changed the state election code to remove the requirement for federal testing of voting systems.

"Currently, in California, you are correct," he admitted when we called him on his erroneous claim. "But things can change. You're right, it wouldn't be an easy process. But we don't see it as a dead end."

He doesn't, but election integrity watchdogs will likely see things differently.

So, for now, it looks like it'll be the e-voting Texas two-step for Humboldt, with Allen, TX's Diebold/Premier and Austin, TX's Hart InterCivic: One step forward, one step back.

Recently related at The BRAD BLOG:

As long promised, The BRAD BLOG has covered your electoral system 2008, fiercely and independently, like no other media outlet in the nation. Please support our work with a donation to help us keep going. If you like, we'll send you some great, award-winning election integrity documentary films in return! Details on that right here...