Diebold weighs in with rebuttals -- want to weigh in with the facts?

I'm too punchy to research and write up, but will transmit big blast of media advisories giving the straight story, if any DUers want to debunk these answers:

In a statement issued by Diebold, the rebuttals so far are:

1) “We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election.”

2) The research “overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementations.”

3) The company said its e-voting software is constantly updated to comply with certification requirements

4) "Our election systems products and services undergo a series of certification processes, which are conducted by federal, state and local officials, including logic and accuracy testing, and represent a sequence of security layers."

5) "We have been using the systems now for a year and a half. We've had great success in dealing with them."

6) On election day, human election workers would count the number of votes cast at each terminal and retain receipts that would tie people to a specific machine (but not to their actual vote). If the voting machine's tally doesn't match the operator's count, then the votes on that machine would be thrown out and those voters allowed to recast their ballots." If there is a failure or a compromise of one unit, we know who voted on that unit," (project manager for Maryland's voting system implementation, David) Heller said. "We don't know how they voted, but we know who voted."

These come from:
MSNBC: http://www.msnbc.com/news/943558.asp?0cv=TA00
CNet: http://news.com.com/2100-1009_3-5054088.html

In reading all about this tonight, a question came to my mind. I know you've been working like hell on this and it's great that it is now getting news time. I'm sure that you had to send 'stuff' to sundry and various Dems over the weeks. I would think they, of all people, would want this to be news item #1 all over the country because their political "hides" depend on it. Did any of them ever seemed even remotely concerned???? If they don't start going at this as the greatest obstacle to any of their elections in '04, then this will just die on the vine. I'd think that in the light of all the lying shit of Bush coming out now, that they would have the background. Anyway, what is your take on "how" worried (or not) the Dems are??????????? Thanks.

I would like to know too. This was mentioned on Crossfire the other day in front of Carville, and he merely pooh-poohed the whole idea. Now I would think someone like Carville would have a very strong interest in this. He acted like it was just another tin-foil hat issue. I was disappointed to say the least.

are now up to 26!!!

Like many, Dems realize this is a complex story and, until we've been able to assess the FACTS contained in the documents from Diebold's ftp site, there was this constant and strange little dance going on...express a concern and they say "that's not how it works, but we won't show you, it's proprietary." What good was it to complain about anything if you couldn't get the facts?

Now, we're getting the facts, and it is the code and the documents themselves that will tell the story.

Bev

So I guess the following January, February and March 2002 programmer's comments in the TransferElecDlg.cpp module downloaded from the FTP site are just "dedicated" employees who are working on old code during lunch hour?

http://blackboxvoting.org/rebuttal.htm

regarding #2: "the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective ...”

From the manual, that section that says "you can do this before or after, but not before."

Regarding #3, constantly updating to comply with certification requirements: Correct me if I'm wrong, and I may be, but isn't the certification standard they were using the 1990 standard?

Also, pulling from the FEC.gov site: xxx is what is certified, nothing more, and changes must be recertified, etc...

#6 is rather laughable on its face, isn't it?

Bev

if you just post the reply at DU.

Congrats, Bev, on the story going National.

Still not on the 6 or 11 broadcast news, or cable news summaries of the news, but it will get there.

Dear DUers..

I have a favour to ask... can as many of you as can be bothered..

Go to
http://add.yahoo.com/fast/help/news/cgi_fullcoverage

And submit link requests for full coverage inclusion in coverage on this ... particularly Bev's latest as it is the best...

Cut and paste this into the box... and write a intro...

/// Snip ///

Can you please link in full coverage editorials and opinions...

BREAKING NEWS BULLETIN FOR MEDIA AND PUBLIC:

Electronic Voting Machines Blasted by Scientists, Hacked by Author
http://www.scoop.co.nz/mason/stories/HL0307/S00198.htm

/// Snip ///

With the story at No. 3 and rated by ten times as many people as No.1 and No. 2 they cannot ignore the interest in this.

Submitting the earlier ones would probably also be very cool.

Sludge Report #154 – Bigger Than Watergate!
http://www.scoop.co.nz/mason/stories/HL0307/S00064.htm

and

Inside A U.S. Election Vote Counting Program
http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm

and

The Truth About the Rob-Georgia File http://www.scoop.co.nz/mason/stories/HL0307/S00078.htm

In the past we have found that prominent yahoo coverage can generate thousands of reads in an hour.... which is seriously more than anything we have ever come across except perhaps Slashdot and Bev's last Scoop.

We have tweaked our server to run sweeter this time... and these four stories contain three times as much information and punch as any of the big media's efforts so far.

regards
Alastair Thompson
Scoop

the ones that ended in #password, #vote and #password (both locations) should read #password #votes and #audit

Those were my typos, sorry.

:)

High-Tech Votes Can Be Hacked, Scientists Say
Thu Jul 24, 6:06 PM ET

By Andy Sullivan

http://story.news.yahoo.com/news?tmpl=story&cid=569&ncid=738&e=1&u=/nm/20030724/tc_nm/tech_voting_dc

:toast:

:)

:D

and we'll have experts evaluate THAT.

... as for #2, the statement is completely unsupportable, since there is no underlying paper verification to prove the systems were "effective in real-world implementations."

5. Were there not reports of touch-screen machines freezing up at unpredictable times? Was that not the reason for installing patches at the last minute in Georgia? Since these were "certified" systems, constantly upgraded, why was the customer, the state, sold a "certified" product which did not work as advertised?

And, #1. They "believe" the code evaluated was not the same???? It came from their own FTP site. The file date/time stamps are known. The versions are known. But they cannot say with certainty? BS.

Cheers.

Hoping ParanoidPat will see this too. Pun and Paranoid have that deadly combination of excellent writing skills and very good analytical skills.

Bev

... I'm not even sure what they mean (as you say). When would that check of the TS likely be done? After the polls close. After. What in that state's law allows voters to be called back to the polls to "re-cast their votes?"

Sorry, still at work, don't have my notes here--otherwise, I might be able to be more specific.

Cheers.

Where? When? Did all the voters revote? Was the new vote included in final tally?

If the voter recall has never been done, does that mean no machines ever failed?

And the Merlot is kicking in! :crazy:

But I'll post a 'point by point' in an hour or so! :evilgrin:

My reading of is that the Feds certify the equipment. AFAIK, the Feds don't do that. The Election Center is the go-between for the Feds and the certifiers. And, the state and local election officials don't get source code, do they? They get the certifier's report, and do their own functionality tests, right?

Cheers.

How do we know it is the same? Perhaps the checksum, but wouldn't that go all woozly after about 3 or four of these unexamined "patches" they keep slapping on there?

As for the state people actually looking at the source code, I've interviewed several and haven't found a one that does, but Florida makes hrrmph-hrrmph noises as if they do.

Bev

It sounds like what it means.

Kind of like the phrase "the older the data get, the grubbier they get".

The code evaluated came from their own site so they cannot say they don't know which version was used so where they say they "believe" you can hammer them on that one alone. It puts them in a box because they would have to prove that the code evaluated was an earlier version than that which was used in "effective real-world situations" and, in order to do that, they would have to reveal the code that they did use.

Using the word "believe" in their rebuttal tells me they are scrambling.

when you do take into account the WHOLE proccess in the 'real world' they will score even worse.

i still haven't read the article yet by the young cs guys nor the rebutal, busy with the 911 doc but i'll post if i see something not mentioned already.

:hi:

peace

like complete hooey to me in more ways than one.

300 people who voted at a particular machine, because you decided to "throw away the machine results" and you need for them to vote again?

Bev

"November 2002, North Carolina — Trying to find 300 voters so they can vote again: In Wake County, North Carolina, one out of four new touch-screen voting machines failed in early voting, losing 294 votes. The machines were shut down before Election Day, so election workers looked for the 294 voters to ask them to vote again."

"At those sites, voters used the touch-screen equipment, called iVotronic machines, but the computer did not record all votes, Wake officials said."

The News & Observer Raleigh, NC, 31 October 2002; “Machines lose 294 early votes”

NOTE: iVotronic machines are ES&S

machines would be the ones that, oops, had their results thrown out. Which districts and demographics? Hmmm, I can just see a lot of single mothers juggling children and jobs and child-care getting calls saying, you know what, you need to come back down-town and re-vote. Or folks without any transportation. Or the elderly who have to be driven. Choice point all over again. And I think it is crap that they know who voted but they don't know how they voted. I was signed in manually in 2002 and given a number, I remember because I was first in line(my name was written on line 1 of the ledger). There were many machines and we were directed to whichever one was open. They could not really do this, and have #6 be true, they'd have to send everyone to a single machine to keep track of who voted on what machine. And if they did this, then they would have an exact record of who voted what way, by the consecutive order of votes by the number the person was assigned when they came in. I only know about my town, maybe they don't do it that way everywhere, but that's how they did it there. (Asheville, NC).

edit: the first two words give the whole thing away "we believe". Why don't they KNOW? Hell if you can get access to their software then surely they can.

... free choice of machine after receiving a SmartCard. Guess what this means, if the Maryland official is right? They _can_ tie votes to individuals. The only way they would know which people to call for fresh votes is if the TS records a serial number matching a sign-in sheet. Bingo. Thank you.

is not much of a defense. They are at a vulnerbale window of purchasing the machines. So ignore, muffle, laugh and lie. Keep pitching the sales talk that has duped and spoonfed all the election officials. AFTER the machines are purchased, THEN will come the ruthless war to stop lawsuits and refunds. They can't even begin to address their bigger fears of being caught in deliberate or negligent rigging.

Visit the Diebold site. They had a big problem with Maryland going slow on the deal. August 4,5 is a webcast analysts conference full of portfolio braggadoccio by the execs. The deadlines for the reform legislation and fed funds are coming due with or without local reservations. Most of all they want to quiet or slow the story. Perhaps the big media is somewhat complying with that limited strategy?

Their arguments are lies, sales pitch, generalized vagueries pumped up with nice sounding assurances. Mash it together and dismiss them, then provide a detailed summary per Bev of the parsed nonsense. The logic errors are childishly basic. We've had no complaints so there is nothing to complain about. All people believe in God, therefore God exists(And Aquinas was sincere, not a corporate salesman).

Like local news, preeminence will be given to the statements of offended corporations. Multiply the venues without waiting for the "esteemed" media.

And I have been asking this too and not just about voting machines. WHAT are the professional Dems doing?????? I see some individual resistance, but they certainly are not an effective vanguard of their own self-protection.

1) “We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election.”

What Diebold believes is immaterial. The voters must have confidence in this system. If the software evaluated is outdated and/or was never used, then show us the updated software that is used.

2) The research “overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementations.”

No system of software, hardware, services and poll worker training could correct the security flaws demonstrated. Diebold should show proof that each and every flaw noted by the researchers has been addressed and corrected.

3) The company said its e-voting software is constantly updated to comply with certification requirements.

Fine. Prove it. What are the certification requirements? Who sets them? Who does the testing? When? What test data is used? How can voters be assured that the software tested and certified is the same software used in the machines on election day?

4) "Our election systems products and services undergo a series of certification processes, which are conducted by federal, state and local officials, including logic and accuracy testing, and represent a sequence of security layers."

Same answer as #3 above. Show us the software, describe the testing and who does it. Show us how the software performed in the tests. Show us how you fixed any problems.

5) "We have been using the systems now for a year and a half. We've had great success in dealing with them."

Refer to the list posted here several times of the numerous screwed up elections using Diebold machines and software. Ask for a coherent and understandable explaination of every single one.

6) On election day, human election workers would count the number of votes cast at each terminal and retain receipts that would tie people to a specific machine (but not to their actual vote). If the voting machine's tally doesn't match the operator's count, then the votes on that machine would be thrown out and those voters allowed to recast their ballots." If there is a failure or a compromise of one unit, we know who voted on that unit," (project manager for Maryland's voting system implementation, David) Heller said. "We don't know how they voted, but we know who voted."

This is not practical in any real world voting situation. Call voters back and let them re-cast their ballots? When? The night of the election? The next day? How is it fair to put the burden on the voter to come back to vote again because Diebold's machines failed to count their first vote?

A double tally doesn't solve the problem if the software simply records a person's vote for one candidate as a vote for the other candidate. The tallies would match, but the vote would be wrong, and neither the voter, nor the election officials, would know the difference.

I know my answers are simplistic, but I represent the average voter who has no understanding of software or programming.

"Refer to the list posted here several times of the numerous screwed up elections using Diebold machines and software. Ask for a coherent and understandable explaination of every single one."

I've got at least a dozen in my back pocket, all impeccably sourced.

Excellent. This is a fine time to bring those out.

Bev

1) "We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election."

This code was MORE recent than that used in GA. So you are saying that you used this POS code in GA, that it's now been converted to angelic code? So when are you going to stop revising the code? In ten years? (Diebold quote from earlier in the day).

2) The research "overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementations."

So you point out that there are ADDITIONAL points of failure in the system. I guess you don't know that to make a system robust you have to REDUCE the number of possible points of failure.

3) The company said its e-voting software is constantly updated to comply with certification requirements

So you have the capability to patch bugs. That makes me feel better.

4) "Our election systems products and services undergo a series of certification processes, which are conducted by federal, state and local officials, including logic and accuracy testing, and represent a sequence of security layers."

A system has to be designed FROM THE START to be secure and robust. No amount of slipshod certification can ever prove that a poorly designed system is secure and robust.

5) "We have been using the systems now for a year and a half. We've had great success in dealing with them."

What a lie. I've been in the tech industry for 20 years and have been on quite a few conference calls when the vendor said that exact same thing - when the reason for the conference call in the first place was that the system was NOT working AT ALL as advertised.

6) On election day, human election workers would count the number of votes cast at each terminal and retain receipts that would tie people to a specific machine (but not to their actual vote). If the voting machine's tally doesn't match the operator's count, then the votes on that machine would be thrown out and those voters allowed to recast their ballots." If there is a failure or a compromise of one unit, we know who voted on that unit," (project manager for Maryland's voting system implementation, David) Heller said. "We don't know how they voted, but we know who voted."

:wtf: Those f***ing voters have gone HOME! What are you going to do? Have A**croft round them up and drag them back to the polling booth? Glad to know you have all these fine plans in place when your system fails. Because it IS going to fail, big time.

Man, that was eaaaaaaaaaaaaaaaassssssyyyyyy! :)

A tech writer I know worked at a large software company (not election related), and sat in on a variety of meetings. She said that yes, you could have a group sit there and look at code. They would just ask, hmmm, did you include this, did you make it do that. Nobody sat there and went over it line-by-line with the developer. She said that sure, there was quality assurance, but that ultimately, in practice, IT IS THE CUSTOMER that tests the software and finds the bugs. She said that because of commercial pressures to get stuff out the door in the least possible time, to beat the competition and spend less money, THE CUSTOMER is the most likely to find bugs in the product.

If the customer is a voter, ain't no way to find those bugs. We vote and go home.

One of the people in the MSNBC story, Avi Rubin, is on the USENIX Advanced Computing Society board as well as technical director of Johns Hopkins’ Information Security Institute. USENIX is holding a conference on computer security next week and there is a session on computer voting, though I believe it was scheduled before any of this came out. I can't imagine that this won't come up, though, and the more traction this gets among high end programmers the better. I'm VERY encouraged to see Avi's name here. Not being an expert myself, I have a great deal of confidence in his judgment, over against some of the things being said by the skeptics who have been weighing in.

Now they just have a great deal more EVIDENCE to discuss and evaluate. Dr. Dill has been looking forward to this conference for some time.

Which is great--I wasn't sure whether this stuff was going to come up but it looks like that's covered. Wish I was going to BE there.

This 'statement' is pure marketing rhetoric. I'd be surprised if they even consulted with any senior technical staff.

1) The "moving target" obfuscation. (This is always the truism deployed in any defense of software.)
The fact is that code constantly changes, both to correct a steady discovery (and backlog) of errors and to make it "sexier". Furthermore, customer requirements evolve as the customers learn what they should've asked for in the first place. The (unstated) implication that 'current' code is somehow better is both a strawman and, more usually than not, false. It is rarely valid to assume the next turd out of any rectum will smell less.

2) The distraction and overload defense. (Always attack the evaluation as incomplete.)
If you look at a car and find that the wheels fall off at 10mph, does it make any sense to look at the "total car"?? The fact is that a system composed of subsystems can only be as strong as the weakest subsystem, and often weaker. The interrelationships between subsystems (whether human, software, or hardware based) introduce more failures in the "total system", not less.

3) Bafflegarb. (Of course code is constantly being updated.)
Either they're talking about industry standards, original customer requirements, or evolving/new customer requirements. If the latter, see #1 above. If either of the former, what they're saying is that the code has never met either the standard or the original requirements (or both).
The real point to focus on is that there must be a disciplined and managed engineering process for creating such systems, and that process (generally called SDLC - Systems Development Life Cycle) must meet certain standards (IEEE, ISO, ete.) for reliability. That means that any low quality product produced from such a process is a fair representation of the quality of the process itself. (Flawed processes produce unreliable products.)

4) Whoopdy doo!
Therefore, those external review processes are so superficial (or are based on misinformation provided by the manufacturer) that they failed to identify the systems flaws so obvious to a "white box" review. They're essentially refuting their own defense in #1.

5) This is the "trust me" defense. It relies on our natural reticence to say "Trust, hell! prove it!"
I guess it depends on how you define "success in dealing with them"? (This sounds more like overcoming them or fighting them than using them seamlessly and reliably.)

6) Bury 'em in vague reiterations of the "cartoonisn" oversimplification of production use of the system. (A straw man argument. Fallacious.)
Big precincts, little precincts, older poll volunteers, cold winter days, hot humd summer days ... the variables are enormous. High reliability requires more than cartoons.


Like I say, they've not made any kind of investment in responding seriously. This is marketing and sales bullshit.

I love crisp, picturesque, brutally inquisitive writing styles.

And the points you make are superb. Thank you so much.

Bev

1) “We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election.”

But you're not sure. Well, version control was one of the flaws discovered by the researchers.

2) The research “overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementations.”

The "hardware, services and poll worker training" are totally worthless, no matter how good they are, if the software is bad.

3) The company said its e-voting software is constantly updated to comply with certification requirements.

What certification requirements? We'd like to see some. Then we'd especially like to see where new certification requirements necessitated any changes in your code, and exactly what you did to comply.

Up til now, the ONE national certifier has not seen fit to answer any questions and basically can't be reached for comment. Further, we have found no evidence that ANYone has gone through the code line by line (as is required, at least in the state of Georgia), until now.

4) "Our election systems products and services undergo a series of certification processes, which are conducted by federal, state and local officials, including logic and accuracy testing, and represent a sequence of security layers."

Sequence of security layers? Such as?

Certification at the national and state levels (some states, like Georgia) appear to be a joke. Can someone PROVE otherwise?

5) "We have been using the systems now for a year and a half. We've had great success in dealing with them."

Yes, those 3 Republicans in one Texas county who each won their 2002 election by exactly 18,181 votes thought it was quite successful too. The gubernatorial candidate in AL (need to look up details of this story) who finally gave up his fight and just quit didn't think it was such a success.

6) On election day, human election workers would count the number of votes cast at each terminal and retain receipts that would tie people to a specific machine (but not to their actual vote). If the voting machine's tally doesn't match the operator's count, then the votes on that machine would be thrown out and those voters allowed to recast their ballots." If there is a failure or a compromise of one unit, we know who voted on that unit," (project manager for Maryland's voting system implementation, David) Heller said. "We don't know how they voted, but we know who voted."

Specious at best (and others had better responses), but also doesn't address ANY of the report's points.

Eloriel

... is Diebold willing to let Georgia (or Alabama, or Texas) send one of its as-installed machines to a _different_ certifier, say SysTest (which is now authorized to certify both hardware and software) and then agree to pay for the certification, and have no contact whatsoever about it with anyone? Diebold doesn't know which machine, SysTest doesn't know, no one knows--just pick someone at random to pick out a machine and send it out for separate testing?

Hmmm?

all they need do is make available the final "frozen" source code for comparison, and certify in writing that this is THE ONLY version of the software that is on ANY of the machines. Since their so-called proprietary code is already in the wild and has been analyzed, if they are honest they would realize they have nothing to lose by posting the final code, if it is in fact different.

They could end this in a single stroke, if a word of what they are saying is true, and they're willing to put it up. And it is the ONLY way to end it.

I don't think that's gonna happen. Just a feelin' I have... BECAUSE THEY'RE F**KING LIARS.

And then let us compare the "frozen code" against any of the machines, say in Georgia, as well as the code the experts have, of course.

Eloriel

posts?

I assume that latter until Bev says otherise.

You guys are great with your responses- just as Bev said!

:-)

:toast:

:-)

formulate good follow up questions. I will then write these up and distribute them to all the key media targets (about 10,000 people).

Therefore, the best ones present either facts or killer logic or procedural expertise.

Then I have to make it short.

I will also send what we come up with to all the computer scientists working on this.

I assume Diebold will go through the report in detail, and at that time will come up with a bunch of red herrings and the normal dodge and distract, so it might be handy to have one of our little crib sheets "top 10 ways to obfuscate" or whatever that we can tack on.

I've got one somewhere. Stuff like "erect a straw man, then knock him down" and "bring up an argument that nobody raised, then attack it diligently" and "simply ignore" and "attack the messenger"


Bev

Elections Division, Secretary of State Office:

"Michael Barnes, a Georgia elections official, said the system is secure because it could be manipulated only by someone who brought a laptop to the voting booth and modified the voting machine."

Augusta Chronicle - July 25http://www.augustachronicle.com/stories/072503/met_029-1011.000.shtml

http://www.ajc.com/metro/content/metro/0703/25voting.html

Ga. backs touch-vote plan despite critical study
The Atlanta Journal-Constitution

"A state election official said Thursday he is "very confident" in the security of Georgia's new touch-screen voting system, despite a study that concluded it is highly vulnerable to fraud. "My confidence in this system is the same as it was . . . before I read the report," said Michael Barnes, assistant elections director in the secretary of state's office.

Barnes was in charge of Georgia's statewide rollout in November.

Georgia's Barnes, however, said that the review ignored election protocol and pre-election testing. It also ignored hardware features and other measures designed to protect the system, he said.

"If you look at a Picasso, you might look at one corner and think the whole thing is ugly, but when you look at the whole picture as it's meant to be presented, you realize it's beautiful," he said.

Barnes added that the version studied was not the one approved for use in Georgia.

What is the version number approved for use in Georgia--_before_ the 2002 election? What procedures were used in pre-election testing to address the issues presented in the JHU paper? What in election protocol prevents manipulation of the software or for the software to manipulate results, intentionally or accidentally? What hardware features and "other measures" prevent bad code from doing damage to results? What are those "other measures?"

This ain't aesthetics.

As for the idea that the software used was a latter version: How many more weaknesses and errors were introduced?

Barnes' "trust me" protestations would be more persuasive if he had no vested interest in covering his fat butt and had the decades of technical experience like people who aren't "confident".

Barnes is of course one of the stars of Bev's lies...

...

Michael Barnes, of the elections division with the Georgia Secretary of State's office, said "That ftp site did not affect us in any way shape or form because we did not do any file transferring from it."

and

And now, Michael Barnes on the Georgia patch:

Barnes: "Wyle said it did not affect the certification elements. So it did not need to be certified." (at the above-referenced link, you can also find information from a Freedom of Information Act request, in which officials admitted they did not have any certifying documents on the patch).

Harris: "Where's the written report from Wyle on that? Can I have a copy?"

Barnes: "I'd have to look for it I don't know if there was ever a written report by Wyle. It might have been by phone."

... this guy is a clown... he wasn't good at making stuff up back then and he ain't any better now..

"Barnes added that the version studied was not the one approved for use in Georgia."

Were the modifications that "Rob" put onto the machines approved? What did they do?

... multiple votes by a single individual were possible, according to the JHU group. Does that mean a Palm Pilot connected to a portable card ID writer? I've been hearing of ATM thieves using smaller and more sophisticated equipment than that to retrieve codes from card scanners.

"They have a lot of what ifs in their report, said Michael Barnes, assistant director of elections. I was disappointed in the report because the way they tested the system is completely out of context of how the system is used."

From Access North Georgia http://www.accessnorthga.com/news/ap_newfullstory.asp?ID=13657

Same report: Rebecca Mercuri -- "..widespread manipulation of the system described in the study was highly unlikely...There would have to be a massive violation, systematically, of a huge amount of protocols, for this to take place, Mercuri said."

... Mercuri agrees with Barnes. I wonder why she would be so quick to agree, since she's been a fairly steady critic of DREs. ???

She may have spent 30 minutes talking about all these vulnerabilities in postive terms, and admitted when asked to that point, and they needed a rebuttal so used that one comment.

I don't know if this is what happened, but it wouldn't be out of the norm.

Also, while may technically have a point -- does that reduce the threat or problem? Some races are won by just a few votes. A VERY few votes.

Eloriel

If this is the case it would be good for Mercuri to have a go at the editor. Misrepresenting an interview is pretty bad... to do so so blatantly for no good reason just looks crooked.

:eyes:

Small, powerful, easily concealed?

according to the experts is a forged voter card. The arguments in defensea are coming back kneejerk simple smug and unstudied, reinforcing the pitch that sold and maintains these machines and overlooks code oversight almost entirely. They assume the scientists know nothing about the hardware and the real life context or at least not as devastating, but they seem to be mistaken in seeing an Achilles heel there too. The counterthrust is coming up short on a crumbling wall.

Too bad it isn't time yet to question the partisan investment or real expertise of state "officials" in championing these machines. The media is still a mile short of being on top of this.

This may take a little while. I want to get them just right! :evilgrin:

Point 1. "We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election."

Response: George Bush 'believed' Iraq was seeking uranium from Niger but the 'facts' proved otherwise!

Although you state that you 'believe' the code that was evaluated "is outdated and never was used in an actual election", can you state that as 'fact'? Would you swear to it under oath?

You admit that the examined files "share similarities to the current code".

Do those 'shared similarities' result from the use of the same 'source code modules' to build the executable code used in the machines?

After all, it was the source code for the most part that was examined by these experts!

Can you tell us what changes were made that directly address the problems the experts found? (List the problems discovered i.e.; no way for the machine to tell if single voter casts multiple votes etc.)

(The long interview version)

Point 2. The research “overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementations.”

Rebuttal: Bearing in mind that under the HAVA act, all Americans will soon use DRE's to elect the Commander in Chief of the most powerful military force on the planet as well as those who will authorize the spending for that military, would you go on record claiming that your system is as secure as the systems that will be used by that military?

If not, why do you feel that the election of the people who wield that kind of power deserves any less security?

Let's look at each of the four areas you mention separately.

The software is where the primary focus has been and you claim to 'believe' that it is not a problem in the context of the total system, so lets examine the other three areas first.

Everyone who owns a computer knows that software can make a computer do pretty much anything. Are you going 'on record' as stating that the hardware has some 'built in' security, separate from the software? If so what is it besides a simple lock on the door covering the ports?

Assuming that all of the people who have been entrusted to have keys to these systems are as honest and trustworthy as those who hold the keys to our nuclear arsenal, We'll begin with keeping outsiders out of the machine once they are behind the curtain.

Are the locks used to prevent unauthorized access to the memory cards and ports custom made 'pick proof' or 'pick resistant' locks that use special keys like those used on a pay phone or soda machine cash box?

Are the keys unable to be easily duplicated?

Do all of the machines use different keys and if not, how many machines can share the same key?

Are there any records kept as to who received those keys and are they tracked to insure that they are all returned at the end of an election?

If a key is lost or stolen during an election, are all machines that share that key taken out of service until re-keyed?

Is there any form of electronic interlock that would shut the machine down or otherwise lock it if the door is compromised?

If the answer to any of these questions is no, then the hardware security is just as bad as the software is 'alleged' to be!

In the case of a dishonest employee or poll worker:

Can the hardware alone distinguish legitimate functions and code from illegitimate ones through the use of hardwiring or built in ASICs bearing security certificates?

Without using some form of tightly controlled 'soft key' or biometrics approach such as a thumbprint or iris scanner to authenticate and log who is accessing critical functions in the machines such as loading software or accessing the database, can you with any certainty tell who accessed the machine and what exactly they did?

How do you know if a machine has been compromised?

Remember, besides the software, all of the training manuals and all of the details of the hardware, were published on the Diebold FTP site.

Is there anything in the training that guarantees that election personnel will actually follow the rules outlined in the training?

Are there any functions built in to one part of the system that ensure enforcement of rules pertinent to other parts of the system to act as checks and balances against fraud.

For example, does the software force a requirement that all employees and poll workers use a 'unique' identification when loading, accessing or retrieving critical information within the system and does it create a permanent log of such events that can't be overwritten such as on CD-R?

Can multiple employees or poll workers access the machines using the same login name and password thereby masking their identity?

If the training alone can't guarantee enforcement of election rules and there is nothing in the hardware or software to force compliance, how then can you claim that training is part of the security of the system?

You also mention 'services' as part of the overall system security.

Other than training and technical support services, what services do you offer that can actually guarantee overall system security?

And finally, with the vast number of publicly reported problems in just the last two elections alone involving your equipment, such as having to load 22,000 machines in Georgia with new, uncertified code right before the last election, how can you honestly claim that "Diebold electronic voting systems are so effective in real-world implementations."

Point 3. "Our e-voting software is constantly updated to comply with certification requirements"

According to page 2 of the Voting Systems Performance and Test Standards: An Overview, published by the United States Federal Elections Commission

"The primary goal of the Standards is to provide a mechanism for state and local election officials to assure the public of the integrity of computer-based election systems; this has remained unchanged since 1990."

Under Volume II section 5.2, Basis of Software Testing, in the same document it states;

"Unmodified, general purpose COTS non-voting software (e.g., operating systems, programming language compilers, data base management systems, and Web browsers) is not subject to the detailed examinations specified in this section. However, the ITA (Independent Testing Authority) shall examine such software to confirm the specific version of software being used against the design specification to confirm that the software has not been modified. Portions of COTS software that have been modified by the vendor in any manner are subject to review."

While the Diebold portion of the software may very well undergo scrutiny by the ITA as mandated by FEC regulations, the COTS (Commercial Off The Shelf) software used in their DRE's need only be checked for the proper version and that it has not been modified from the original! Security issues arising from the use of COTS are NOT addressed at all by the ITA software review.

Diebold uses Microsoft Windows CE as the basic OS (Operating System) and Microsoft Access as the database management system within their machines. The basis for the claims of system insecurity alleged by the members of the Information Security Institute at Johns Hopkins University and the member of the Department of Computer Science at Rice University are based on the use of the Diebold code in combination with the COTS. Whether this particular code or significantly similar code are used, the basic security flaws remain.

This exposes an even larger threat to the electoral system. The failure of the ITA to adequately address the systemic security vulnerabilities that may be presented by the use of DRE's incorporating COTS.
Without some form of unmodifiable backup copy of the voters intent created at the time the votes are cast, there is simply no way of proving that the votes cast are accurately recorded in the event of a system or security failure.

Point 4. "Our election systems products and services undergo a series of certification processes, which are conducted by federal, state and local officials, including logic and accuracy testing, and represent a sequence of security layers."

Although testing may indeed occur at the "federal, state or local" levels, the testing at all levels is typically designed to conform to the Federal Elections Commission Standards as outlined in the Federal Voting Systems Performance and Test Standards.

According to page 2 of the Voting Systems Performance and Test Standards, published by the United States Federal Elections Commission,

"The primary goal of the Standards is to provide a mechanism for state and local election officials to assure the public of the integrity of computer-based election systems."

The requirements for Logic and Accuracy testing prior to an election may change from state to state. Unless structured in such a way as to guarantee that a large enough sampling of votes are processed to create an accurate representation of a 'normal' election, exploits can be devised that will not manifest themselves until a 'trigger point' is reached, thereby eluding detection by the testing. Even if all units are adequately tested prior to the election, the testing in and of itself only guarantees the logic and accuracy of the machines but not the security of the system as a whole. It has been alleged by a former Diebold contract employee that during the setup for the Georgia election, machines were tested and passed on the weight of a single vote being recorded 'accurately' on each machine. This clearly demonstrates a problem with the way the testing is documented and the machines certified as being fit for use.

Point 5. "We have been using the systems now for a year and a half. We've had great success in dealing with them."

Ask them to define 'success'.

Insert # of problems documented by the press here! :evilgrin:

Point 6. On election day, human election workers would count the number of votes cast at each terminal and retain receipts that would tie people to a specific machine (but not to their actual vote). If the voting machine's tally doesn't match the operator's count, then the votes on that machine would be thrown out and those voters allowed to recast their ballots." If there is a failure or a compromise of one unit, we know who voted on that unit," (project manager for Maryland's voting system implementation, David) Heller said. "We don't know how they voted, but we know who voted."


A machine that misapplies votes, whether intentionally or due to failure or misprogramming, but still yields the proper total number of votes cast, is just as bad as a machine that mistallies votes.
Simply counting the number of voters vs. the number of votes cast does very little to protect the security of the voters intentions.
Knowing who voted is not the point of elections, knowing how the votes were cast is! :)

The only 'fool proof' way to protect the intent of the voter is to create a 'human readable' ballot at the time the votes are cast.
IOW, only a fool would place 'blind trust' in a machine! :evilgrin:

1) We believe that the software code they evaluated, while
sharing similarities to the current code, is outdated and never
was used in an actual election.?


Does the current code still exhibit these defects? And are you
willing to allow peer review of your current code?

2) The research "overlooked the total system of software, hardware,
services and poll worker training that have made Diebold electronic
voting systems so effective in real-world implementations."


These factors were omitted because they are irrelevant to obvious
defects in the implementation code.

3) The company said its e-voting software is constantly updated
to comply with certification requirements


We are glad you are still trying to fix it, but do not think unstable
code should be used for such an important functions as elections.

4) "Our election systems products and services undergo a series
of certification processes, which are conducted by federal, state
and local officials, including logic and accuracy testing, and
represent a sequence of security layers."


Certification is not relevant to demonstrated code defects.

5) "We have been using the systems now for a year and a half.
We've had great success in dealing with them."


Time in the field is not relevant to demonstrated code defects.

6) On election day, human election workers would count the
number of votes cast at each terminal and retain receipts that would
tie people to a specific machine (but not to their actual vote). If
the voting machine's tally doesn't match the operator's count, then
the votes on that machine would be thrown out and those voters allowed
to recast their ballots." If there is a failure or a compromise of one
unit, we know who voted on that unit," (project manager for Maryland's
voting system implementation, David) Heller said. "We don't know how
they voted, but we know who voted."


It certainly is a challenging job. Are you willing to allow peer
review of your current implementation?

...but, you're not supposed to be updating code without going through certification again.

Diebold glorified it's poll workers training, but I seem to remember as soon as they have problems with these machines, it's immediately the ignorant poll workers fault. Hmmm, what kind of programming allows you to have it both ways??

I'm sure the visually disabled and other disabled individuals will just love going back to vote again, since the big push for these systems was predicated largely on access for disabled voting and that's just what many states will be buying one per precinct for.


All of those arguments sound like the same old garbage we've been hearing.

As for state and county election officials, let's get them out of the election administration programs they take created and run by- guess who? R. Doug Lewis of The Election Center. Maybe that's why we hear the same inane arguments over and over across the country. We have a systemic programming problem here and this time it isn't in the machines.

And as I recall, the Center also helps states reform voting legislation. Gee, what kind of reform do you suppose that is?

The problem with Diebold's mantra, is that it's so automatic the election official just fall into the same old routine, eyes glaze over, state of self-deception activated now.....

i don't quite understand this answer. why not tie voters to actual votes? this is where the manipulation could easily occur, per you other posts. if the goal is to match report totals...what's to stop someone from just forcing an entry to match the report? sure would save the trouble of a recast. and, of course, the vital information is HOW they voted, in addition to WHO they voted for.

... how a particular voter voted.

On edit, here's an example of that misuse. A month ago, someone here asked the question, "is it possible to find out with electronic voting machines how a particular person voted? My brother-in-law is a sheriff's deputy, and the current sheriff was saying to everyone in the department that he could find out how they voted in the sheriff's election and would fire anyone who didn't vote for him."

Cheers.

that the vote be secret. You can't connect who voted to their vote.

but the problem of reconciling machine totals still exists. i seriously doubt the claim of re-voting if machine totals don't match. theoretically, it shouldn't happen, but it seems to me there should be some way of verifying vote totals with candidate totals...without revealing the identities of voters. it should be just numbers.

... the voter, receiving a SmartCard to vote, can pick any machine on which to vote (there may be several at that polling place), and one of those machines goes belly up, how does the polling place know who voted on which machine? Moreover, if the vote total from all the machines doesn't match the sign-in total, how do they know which machine is at fault? The only way to know that is if the machine accurately recorded the number of SmartCard swipes, but did not accurately record the number of votes. Even then, that doesn't tell them who voted on which machine. So, how do they know? Recorded serial numbers matched to sign-in sheets is the only way, and that's illegal.

(!)

Cheers.

1) “We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election.”

---What version was used? How was it changed? Which, if any, of the flaws noted in the "Analysis of an Electronic Voting System" report were fixed? How?

2) The research “overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementations.”

---How do these factors keep the vote counting process from being tampered with? Please address each of the problems noted in Section 3 of that report and explain how the "total system" fixes these things.

3) The company said its e-voting software is constantly updated to comply with certification requirements.

---Are these updates intended to bring the software into better compliance with established regulations? If so, does this mean that software actually used in elections was in fact not compliant before the upgrade? Please explain how each revision corrected specific types of non-compliance, and document which elections were run on versions in which these defects had not yet been fixed.

---Or are you claiming that the changes were made only when required by changes in regulatory requirementss? If so, explain how each of the actual changes in the software were related to specific changes in certification requirements.

4) "Our election systems products and services undergo a series of certification processes, which are conducted by federal, state and local officials, including logic and accuracy testing, and represent a sequence of security layers."

---What testing is actually done? Was the testing protocol adequate or even designed to reveal the flaws described in the research report? Was the version studied by the researchers also subjected to the "whole series of certification processes?" If so, then why didn't your testers discover these defects? If you are claiming that these defects were discovered and fixed in all versions actually used in elections, can you prove this? Were these flaws present in versions used in earlier elections?

5) "We have been using the systems now for a year and a half. We've had great success in dealing with them."

---What do you mean by "success." Would possible tampering with the vote count be a "success?" Or is vote-rigging just not relevant to your definition of "success?"

6) On election day, human election workers would count the number of votes cast at each terminal and retain receipts that would tie people to a specific machine (but not to their actual vote). If the voting machine's tally doesn't match the operator's count, then the votes on that machine would be thrown out and those voters allowed to recast their ballots." If there is a failure or a compromise of one unit, we know who voted on that unit," (project manager for Maryland's voting system implementation, David) Heller said. "We don't know how they voted, but we know who voted."

---You're joking, right? Don't you think it would be simpler to just count the actual ballots? Oh, that's right -- there are no actual ballots. What do you think it would cost to actually send election office workers out to locate everyone and obtain new ballots? What if you were unable to locate everyone? Wouldn't you in fact just send out some form letter and then toss out these people's votes? If mismatched machine and human counts are sufficient to invalidate hundreds or thousands of legitimate decisions by voters, isn't this just one more vulnerability? Doesn't your "solution" encourage targetted sabaotage?

I have a multi-boot Windows computer. I just did a software-based file count, and came up with the following:

My Win98 (SE) operating system directory tree contains 3,193 files.

My Win2000 Pro operating system directory tree contains 7,269 files.

My WinXP Pro operating system directory tree contains 10,025 files.

Each of these systems are updated and patched regularly, so the counts are in all likelyhood fairly typical.

NOW: I've read from more than one source that Bev Harris has stated that within the Diebold Blackbox software cache there are 40,000 files contained on no less than 7 cds.

My question is, naturally, just why is such a complex system (one that outstrips WinXP Pro by a factor of 4) needed TO DO NOTHING OTHER THAN TALLY VOTES???

... the difference is that the files Bev and others have also includes user documentation, some specific versions for some areas of the country of the DB files, GEMS (voter database management) and the OS files. You're just comparing to OS. It's still a hell of a lot more than is necessary.

http://washingtontimes.com/metro/20030724-102543-4946r.htm

Voting system called flawed

By Brian Witte
ASSOCIATED PRESS

BALTIMORE — An electronic voting system used in some states and marketed across the nation is so flawed that it could be manipulated easily, computer security researchers concluded in a study released yesterday.
The study found "significant security flaws" with the system designed by Diebold Election Systems. The system was vulnerable to unscrupulous voters, as well as "insiders such as poll workers, software developers and even janitors," who could cast multiple votes without a trace, the study reported.
The system allows ballots to be cast on a 15-inch touch-screen monitor.
"I don't think it can be done right now this way," said Avi Rubin of Johns Hopkins University, a lead researcher on the study, which was the first review of the software by independent computer security researchers.

on edit: Diebold reached an agreement this month with Maryland to provide up to $55.6 million in voting technology, expanding the use of touch screens from four counties to the rest of the state.
Mr. Rubin said he planned to urge state officials not to use the system.
"You guys just bought something that doesn't work," Mr. Rubin said he planned to tell Maryland election officials. "Go get a refund."


more...

Since they decided to label the code that the experts have examined as being "outdated," what exactly is the date of the code in question? I believe it was Punpirate who said earlier that the GA election used an earlier version. That alone proves there were serious flaws in the code used in GA because correct me if I'm wrong, don't they "upgrade and improve" code each time it's done? Just curious. I'm a self-proclaimed ignoramous when it comes to computer lingo. My son's a genuis with them though. :D

Oh yes, and a particular someone I PM'd you about a while back, has been online all night. I can't imagine what has "its" attention. :D

1) “We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election.”

Basically, they are saying pay no attention to the horrifying stupidity of the secret source code that was leaked, because we have new secret source code. Uh huh.


2) The research “overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementations.”


Distract distract distract. The code is not important, nothing to see here.


3) The company said its e-voting software is constantly updated to comply with certification requirements

See answer #1. Also ignore the fact that the old horrifying code also passed the 'certification' and the certification is therefore worthless. Nope don't think about that.


4) "Our election systems products and services undergo a series of certification processes, which are conducted by federal, state and local officials, including logic and accuracy testing, and represent a sequence of security layers."


Spin. Rinse. Repeat. See answer #3.



5) "We have been using the systems now for a year and a half. We've had great success in dealing with them."


Nobody is complaining, you must be wrong.



6) On election day, human election workers would count the number of votes cast at each terminal and retain receipts that would tie people to a specific machine (but not to their actual vote). If the voting machine's tally doesn't match the operator's count, then the votes on that machine would be thrown out and those voters allowed to recast their ballots." If there is a failure or a compromise of one unit, we know who voted on that unit," (project manager for Maryland's voting system implementation, David) Heller said. "We don't know how they voted, but we know who voted."


Machine manipulated = Internal reciepts manipulated. Completely invalid claim here, which also shows ignorance of the actual code by the person speaking, a project manager for gods sake.


Soo there ya have it.

Nothing to see here, old news, were fantastic and now move along.

1)
2)
3)
4)
5)
6)

They're liars.

Show what their lies were in the past, and ask questions that expose more lying. Why make people suffer through technobabble? Everyone understands what a liar is.

:hippie: "Rebuttals by Dave" :hippie:
(And don't you have Afro-smile-faces?)

Couldn't have done it better myself.

Them and the GOP frauds. It's only that the rest of the country defines "success" VERY differently.

5. This is actually one of the hard ones, psychologically. Problem is, people who haven't given it a second thought went and voted, and said, "Okay, that was pretty easy." Got outta there, figured everything was fine.

THAT IS THEIR ONLY HANDS-ON EXPERIENCE WITH THESE MACHINES.

IF THEY DIDN'T GET THOSE OBVIOUSLY MESSED-UP MACHINES THAT WOULDN'T DISPLAY THE DEMOCRAT EVEN WHEN THE VOTER VOTED FOR THEM, THEY PROBABLY THING EVERYTHING IS FINE. Those are some of the people who will need to be hand-held along. They like surety, they like predictability, they are trying to forget that CEOs have failed them, the Catholic Church has failed them, and gee, that George Bush seems to be having a hard time.

These people want closure, not open-ure (I know, it's not a word.)

For them, I would stress that an answer to the problem is waiting in the wings -- the paper trail. Open problem. Close with a solution.

Push Diebold on why on earth a backup system for something as important as voting could possibly be a problem.

"...dismissed the report's findings as the concerns of those who spend too much time in the ivory tower.

"Electronic election auditing and security is a very complex and multilayered process, which is not always well understood by individuals with little to no real-world experience in developing and implementing such a process," said Michael Jacobsen, spokesman for the Ohio-based company.

Whew! Let's not worry our pretty little heads about it then, shall we?

And here's David Heller again (with a little practice, this guy could beat Brit Williams in the whopper-tellers category):

state law and election training procedures are designed to ensure the integrity of elections, regardless of the voting machine. "The chances of someone manipulating the system are slim to none," he said.

(Unless you're a 15-year-old with a hundred bucks and a smidgen of computer savvy.)

Heller points to a recount in Allegany County... "We printed out all ballot images to verify the unit did tally correctly. There were no variances," he said. "That gives the system more credibility. The results of the recount speak for themselves."

(Lemme see, I'm going into my address book and I'll record my name as "Bev" -- only my keyboard is messed up and it records "Gwc" instead. Now I'll print out a summary sheet with all the names in my address book. It says "Gwc." No matter, I'll just tell it to print only one entry at a time, that'll fix it.)

This again: "Diebold's Jacobsen said the software code that the Hopkins scientists evaluated was outdated and was never used in an election."

... was it TS or OS? If OS, it had a TIF of each ballot scanned, as written upon.

If it was TS, the image is generated from the stored ballot information. There is no image of an actual ballot--in TS, it's all virtual.

Fuckin' bozos. They don't even know the equipment they bought.

As for the last sentence, can someone in Georgia convince the Attorney General to seize a randomly-selected machine to verify the claim?

On edit, here's where it might get sticky. Diebold can claim a different software version was used. But, the only way to know if that version is (was) substantively different is a line-by-line examination. That means someone has to get their paws on a machine in storage and check the OS and the Diebold software line by line from the supposedly "up-to-date" version. If the code is modified insignificantly, but a new version number is written to it, they're done for, dead nuts. If the code is demonstrably different (i.e., all the security issues resolved, all the previous code inconsistencies repaired), then Diebold has a reasonable claim.

Why can't someone make a citizen's arrest on a voting machine? *smile*

Cheers, Bev.

the Hopkins scientists evaluated was outdated?

... no evidence.

Cheers.