With Additional Reporting by John Gideon
On Friday, November 25, a news story appeared in the San Francisco Chronicle by political writer John Wildermuth reporting that the California Secretary of State’s office would be allowing Election Reform activists to perform an attempted hack of voting machines on Wednesday, November 30th. That report was soon picked up by the Associated Press and other outlets where it was repeated, in part, in newspapers, radio and television across the nation. Headlines along the line of “Hacker to try to attack state voting machines” were blared across the media throughout the holiday weekend.
While the story seems to be based in some reality, reporting by The BRAD BLOG over the last several days has revealed that the matter seems to be a far cry from the way it has been reported by the Mainstream Media. In fact, while negotiations for such a test are ongoing, the parameters to be used are still being hashed out, no definite schedule has yet to be determined, and Finnish computer scientist Harry Hursti, who created this particular method for hacking into Diebold voting machines has made no plans at this time to travel to the United States to perform the hack attempt.
Such a test, if performed, could be crucial to a decision soon to be made by CA Sec. of State Bruce McPherson about whether to allow various Diebold voting systems in the state. That decision, in turn, will likely effect decisions by other states and counties around the U.S., all of whom are facing a January 1, 2006 deadline set by the Help America Vote Act (HAVA) to be met if jurisdictions are to receive millions of dollars in Federal money to help pay for “upgraded” Electoral Systems.
California’s Republican Sec. of State McPherson had famously refused to re-certified Diebold’s AccuVote TSx touch-screen voting machines over the summer after a major test in the state had found that some 20% of the machines had failed to perform as promised with printers jamming and screens freezing at an unacceptable rate. Diebold’s machines had previously been de-certified by former Democratic Sec. of State Kevin Shelley. McPherson’s sudden about-face concerning Diebold has caught many by surprise. The potential change of position towards Diebold was discovered recently and sent a shockwave through the Election Reform activist community who then converged on Sacramento to complain about the apparent flip-flop by the Sec. of State.
The Mainstream Media — Apparently Misled by the Sec. of State — Gets It All Wrong?
In his article for the Chronicle, Wildermuth leads off with the following information:
“A computer hacker will be trying to break into one of California’s electronic voting machines next week, with the full cooperation of the secretary of state.”
The report seems to be based on information Wildermuth was given by CA Sec. of State spokesperson, Nghia Nguyen Demovic. In speaking about the test, Ms. Demovic is quoted as saying, “This is part of our security mission. We want to make sure that every vote is counted and registered correctly.”
The article goes on to say that the test will be conducted on a machine selected randomly from one of the 17 California counties that currently use the Diebold system. The article also states that Diebold wanted the test to be accomplished on a machine that they would provide for the test but that such a condition was opposed by both the state and the critics of the company.
The Facts Comes to Light…
The fact is that the facts stated above and in the Wildermuth/Associated Press articles are not factual. Information gathered from several sources at BlackBoxVoting.org (BBV), the organization who originally arranged for computer scientist Hursti to perform a similar hack on Diebold election machines in Leon County, FL claim that, though negotiations for a similar test in California are on-going, the parameters for such a test have not yet been agreed upon, and Hursti has not been notified to make travel-plans to come to Sacramento to perform his test. BBV has offered more details about the ongoing negotiations on their website.
Was the reporter given misinformation by the Secretary of State’s spokeswoman? The BRAD BLOG has been unable to contact Demovic at the SoS office over the holiday weekend, but we will attempt to do so as soon as possible and will report back with any additional information we are able to receive.
The BRAD BLOG has learned, however, from BBV that though Hursti has been in contact with someone representing the Secretary of State’s office, there has been no formal invitation for him to fly from his home in Finland to do any testing as of this time.
There has also been no final agreements made on any of the protocol and ground rules to be used in the test. For example, no decision has yet been made on the contentious matter of where the machine, or machines in the test, will come from. Comments from BBV have indicated that there is still confusion on whether a Diebold-supplied machine will be used, or whether, as they prefer, a machine will be selected from one of the many that have already been used in a California election.
BBV Board Member Jim March recently told us via Email that BBV “want[s] test protocols that meet a minimum level of scientific validity, such as voting machines that are of the type currently in use and randomly picked from California counties like Alameda, Placer, etc.”
State Wants Test Results of Diebold’s Secret Software to be Kept a Secret…
More troubling details are revealed in the proposed test parameters, as published on the BBV website [PDF] which mysteriously only cover the Diebold Optical-scan system and do not mention the more controversial Diebold TSx touch-screen devices.
The parameters as proposed would institute a 30-day confidentiality period and require all participants in the test to sign confidentiality agreements! In other words it could be late January ? long after the HAVA deadline has come and gone — before any official results are released from the test?if it is ever actually performed.
With just over one month left before HAVA’s January 1, 2006 deadline by which time Boards of Election around the country must have made decisions about their new voting equipment, any such test results warning against the purchase of Diebold equipment might come too late.
The test confidentiality agreement allows Diebold to keep the results secret. So if the hack is successful no one will know about it until after they have made their decision and signed contracts. Imagine New York or New Jersey, or any of the other states now deciding on new voting technology, finding out only after they have chosen to enter into multi-million dollar contracts with Diebold, that the system they chose had failed testing in California and the California Secretary of State knew all about the failure but was sworn to secrecy.
Ian Hoffman of The Oakland Tribune offers a more accurate account today of the ongoing story, avering that such a test will most likely not occur until Mid-December if at all. His story also gives more details on the two different ‘hack tests’ that both the state and the activists hope to see performed.
The BRAD BLOG has learned, from sources at BBV, that the non-profit Election Reform watchdog group is keenly interested in being allowed to perform these tests, but have concerns that the ground-rules to be set offer a level playing which hasn’t been gamed-in-advance by specially prepared Diebold voting machinery and software.
BBV’s March and founder Bev Harris — both of whom were awarded money in a previous settlement with Diebold brokered by the state of California concerning a challenge to the Voting Machine Company’s prior contractual failures in the state — have expressed concerns about being “gag-ordered” and disallowed from video-taping and retaining original contemperaneous results from any such test.
Diebold, who along with ES&S currently count more than 80% of America’s votes have come under a great deal of criticism by Election Reform and Voting Rights advocates charging that their secret software, protected from public scrutiny as a “proprietary trade secret” is buggy, unreliable and unsecure.
As previously reported by BRAD BLOG, a “Cyber Alert Warning” issued by a branch of the U.S. Department of Homeland Security warned prior to last year’s Presidential Election that the Diebold Central Tabulator software had an “undocumented backdoor” which allows for a single malicious user to access and change the results of any Diebold-run election.
As well, a recent report by the non-partisan Governmental Accountability Office (GAO) — still completely unreported by the mainstream media more than a month after its release — found that electronic voting machines and tabulator were susceptible to hackers and, in fact, have been responsible for losing votes all together in recent elections.
Diebold’s CEO Walden O’Dell has been oft-quoted he infamously promised to deliver the electoral votes for the state of Ohio — where Diebold, Inc. is headquartered and where last year’s Presidential Election was decided — to George W. Bush in a non-infamous fundraising letter to high-level GOP donors prior to the election last year.
The Secretary of State’s office has asked for public comment about their possible re-certification of Diebold equipment in the state. To submit a comment, visit www.ss.ca.gov/elections/elections_vs.htm, call (916) 653-6814 or email votingsystemcomment@ss.ca.gov.
Diebolds, Diehards, ESS, IBMs! Help, I’m drowning!
Nowhere to run! Nowhere to hide! Head for the hills! Head for the mountains!
Ah jeez! Twelve years of college down the drain! Five years of being president and stealing two elections down the drain! It ain’t fair!
In telecoms there is a parallel to the kind of certification people are hoping occurs with voting electronically. It is a complex arrangement with supervision and impartiality to filter out as much ingenious deceit as possible. During the standards development process there is a certain amount of negotiation among patent holders and technology developers who carefully measure their words to protect trade secrets and future product viability and competitiveness. Next there are industry specific labs for bench testing and limited testbed deployment on specific dates for near-realtime troubleshooting and often these latter include a kind of competition so machinery in development occupies and transmits over the same testbed simultaneously with the competitors’ latest models. At the conclusion of independent lab testing are reworking designs and final certification. Development timelines factor into product design planning; so if you manufacture or design your own copyrighted chipsets for some modules you need to plan for how the standards body negotiation process will progress and to which ends it will be willing to arrive. Margins are thin. Predictability is difficult. Deployment is expensive after certification. Look at standards bodies such as the IEEE 802, the ATM forum, Frame Relay Forum, even the MPEG group working on standards.
Calling a programmer to a Sierra Nevada county to try a hack which worked in FL a few weeks ago might be an instance of Diebold swapping out some ROM chips to confuse the hacker.
Probably BlackBox’s foresight is well advanced beyond these considerations. The essence is accepting there will be trade secrets, marketing priorities, and lots of industry/gvernment politics; government budgets are cashcows for the voting machine industry.
An article in the Sacramento McClatchy paper today says a couple things seemingly different from Brad’s article: the CA Secretary of State has certified what was formerly not certified; and it says a hearing was held in Sacramento this week and a test hack event is planned.
The CA SoS is an interim appointee of the CA interim governor; the SoS came onboard with a group of national Republican Party notables; so, even though SoS McPherson had a cooperative reputation when he was a state legislator, the stakes in the voting machine test, certification, and deployment are likely causing much pressure upon what might otherwise be a more mete and just decisionmaking process for the SoS’s office.
The veracity of the FL hack success should be sufficient reason for congress to revisit the timelines for deployment. Diebold should have a chance to correct its design. And the voting machine industry needs a standards body variety of oversight, as well as its own technology forum. As many voting machines are also internet based, considerable technical help should be available in the form of an adjunctive association with already existing professional forums which develop and oversee and provide peer review for the complex issues involved with internet, such as the now reliable format called https, which is used in intranets. Secure transactions are more secure on some networks than others; so this gets to be a more complex issue than a simple timeline written in stone by Congress. It is a pity if any delay causes Diebold cash losses, but voting is too important to sacrifice its reliability; witness the contention in the past two presidential elections. In fact part of the original willingness of the US Supreme Court to jump into the fray and separate the hassling parties in the 2000 halt-the-recount matter was that timelines had to reach their apogee: a president needed to be selected by the time the then-sitting president’s term was completed. With the upgrade to electronic voting, we need to get it right and not rush into a marketing windfall for Diebold if standards first are not vetted and security experts with a dispassionate and accomplished technical expertise have been excluded from the process.
Elections always evoke polity. Vive la difference. But the ballot box is nearly to the point of becoming objective; quite a feat, considering how many elections are the source of civil strife in each week’s world news. The USA should get this technology quantum leap right.
Every time I go to my bank of America ATM machine and see that name (Diebold) I feel unsafe. I really wish my bank would do business with better people. I do believe this last election and the primaries where fixed, and that diebold has a huge part in it. This company is in charge of many ATM’s and no telling what new scams they are up to. The FBI, CIA should really be checking into this big Question about the hacked election because if it is true, these people have their hands on everyone’s money.
The background to this recent confusion is that when BBV’s Bev Harris and Jim March took a successful legal case against Diebold in California, in its judgment the court placed certain obligations on Diebold.
Following the recent election, observers ascertained that Diebold was *not* doing the things the court had required it to do.
BBV communicated this (to the CA SoS office I believe), referencing the court case judgment.
The SoS never responded to the issues BBV raised relating to Diebold’s noncompliance with a number of court-ordered procedures. Instead, the SoS made an "unresponsive" reply which proposed the hack under conditions set by Diebold which were obviously non-scientific, rigged, and also failed to address the immediate concerns about compliance with court-ordered instructions. I don’t think BBV would ever consider participating in any test that it felt Diebold could rig.
Separately BBV had previously requested the CA SoS to repeat the Harri Hursti hack which was done in Florida, but as far as I know there was no response to this request.
The CA SoS has not agreed to replicate the Hursti hack, nor have they responded to Diebold’s apparent violations of the previous court case (which Diebold lost and they had to repay CA something like $2.6 Million). I don’t know the legal implications of Diebold’s ignoring the court order, but hopefully someone is looking into this. There may be implications for CA that it is ignoring Diebold’s transgressions.
Bruce Sims has proposed a recall of several CA officials. What do you think? Does this have legs?
{irrelevant comment removed by WP}
Honesty in Advertising Department:
AT DIEBOLD, WE’RE CHANGING VOTES, ONE DEMOCRACY AT A TIME
Catherine A #4
You mentioned that you "don’t know the legal implications of Diebold’s ignoring the court order", so I thought I would mention a word or two.
The "order" was in part a permanent injunction forbidding Diebold from certain activity concerning certain of its machines, and at the same time commanding other behavior.
Jim March gave us here a link to the injunction in a thread on this blog (link here, and here).
It is normal protocol when an injunction is violated for the victorious party (Black Box Voting) to go back to court and ask the judge for a contempt order. The punishment could be a fine or jail time or other court orders.
A hearing could be held, etc. etc. One complication is that the CA attorney general did some of the litigation and BBV were qui tam litigants. That adds some procedural complexity, but does not change the bottom line that the court can sanction Diebold from violation of its orders, judgments, and injunctions.
But someone has to go ask the court for relief, and that someone is not going to be Diebold.
Hi Dredd,
I am sure that BBV is looking into this but I don’t know what the current state of play is or what outcome(s) are most likely. Would it probably go back to the same judge who originally heard the case?
It’s nice to think of DESI (board? top executives? everyone?) doing some jail time, though I suspect a fine is more likely. I hope any fines are punitive and not a slap on the wrist. Diebold has persistently shown itself to be quite willing to flagrantly ignore any kind of regulations–as if they seem quite confident of having friends in such high places that they don’t have to worry about pesky inconveniences such as laws or judges’ orders.
Catherine A #8
You asked "Would it probably go back to the same judge who originally heard the case?"
Yes, that is the norm.
And I also hinted to Jim during our postings here, that a res judicata ploy should be used by other litigants (e.g. EFF) in their cases.
This is basically a statement that an issue has already been litigated. So in other states in actions against DESI the same facts would not be litigated again.
The injunction in the BBV case would be a kind of precedent and the other courts would be either bound by it or significantly influenced by it.
The strength of the res judicata principle varies, so it would also depend on the state the new case is litigated in. It is worth consideration at any rate.
Fingers crossed that something good will come from this.
In Johnson County Kansas, we were a pilot site for the Diebold touch screens. I am 90% sure that I could throw an election here using much simpler means than hacking.
Two days after my making the initial contribution above, new media reporting and statements by interim Secretary of State of CA McPherson, as well as other excellent links and comments above in this current thread and through websites other posters are contributing give hope much more expertise is ‘out there’. But it still appears to me a slipshod award of a contract to a defective product’s manufacturer is to risk the kind of travails that for example Gov. Davis had to endure after a software contract’s specifics were publicized.
There is an election next year, and two very strong candidates on the Democrat side already have announced interest in the SoS job, Ortiz and Bowen, state legislators.
I still think the ‘hack test’ is a superbly suitable idea for the CA voting machine certification process.
In a more serious facet, it might be useful to compare the polling machine test process with the kind of evolution and testing of cable internet products and program code which occurred in the late 1990s at CableLabs during development of the staged DOCSIS standards. Manufacturers still shipped products and planned obsolesce while recovering capital outlay for chip design, yet as a whole, the voluntary standards bodies in the cable industry worldwide coordinated to a sufficient degree to allow cable to become the first and best form of broadband, long before the telephone companies began to have a truly workable DSL alternative. I suspect voting machines are a dusty niche in government purchasing; but after the anomalies we have seen in recent vote outcomes, including comparing exit polls with machine reported results, clearly the certification process for voting machines should become more accurate.
And, if as reported today at BradBlog’s site and elsewhere, e.g. SF Chronicle http://www.sfgate.com/cgi-bin/a...1&sc=1000, the plan is for several states election officials to gather next week and exclude the hacker test, one result may be to avoid one embarrassment (if the hack were to succeed) while opting perilously for further embarrassments: the Attorney General launching an investigation if the Secretary of State proceeds with wholesale purchases of machines later discovered to be defective. It would be interesting to have some input into the process now rather than later, from the AG, as well as the spokesperson for the Speaker of the CA Assembly who so carefully described the McPherson transition advisory group at the time McPherson was appointed interim Secretary of State. One supposes, at the highest levels of state government, these variously elected and appointed officials consider commity of prime importance, and they are likely waiting to observe the SoS’s final decision rather than opine as a blogger might while the process is ongoing. I certainly respect that silence and circumspection on the part of known watchdogs and critics already in high office.
Another writer has observed there might have been a public meeting secrecy rule violation already in the hearings held last week; however, it will be worthwhile to wait for more information about that hearing, and the meeting of secretaries of state set to occur next week. I defer more detailed comment to the principals who are already involved in watchdogging these processes. Good work Brad.
JL
exhibitions amatrices
amatrices gros
photos amatrices gratuites
matures amatrices
amatrices du
amatrices exhib
amatrices a
femmes mures amatrices