Monday, July 30, 2007
Following up on Friday night's post (Bowen's Red Team Compromises Each Voting System Tested) where I excerpted from the Diebold report, (much later) tonight I will present several items from the Hart Intercivic report, which also has relevance here in Humboldt. But first, a check of the local media.
The Eureka Times-Standard was first out of the gate on Saturday morning (archive). There are two things I have to point out about this article. The story's lede, sets the stage:
Local election systems may be vulnerable to hackersI don't know that Faulk could have written a more straight up or accurate intro to this story. It makes it clear that hackers ARE able to hack into Humboldt voting systems. Then why does the headline say merely that the machines MAY be vulnerable to hackers?
James Faulk/The Times-Standard
Article Launched: 07/28/2007 04:21:31 AM PDT
EUREKA -- A team of University of California computer scientists were able to hack into several voting systems used by California counties, including the two systems currently used in Humboldt County, the secretary of state announced Friday.
The second comment I have about this article pertains to the last two paragraphs:
Humboldt County Registrar of Voters Carolyn Crnich said it's unclear under what conditions the tests were prepared.As I noted in the comments on the T-S website, the introduction of this report dismisses the Registrar's dodge:
"It's my understanding that the red team attacks that were made during the top-to-bottom review did not take into consideration the security efforts or guidelines that had been added by former Secretary of State Bruce McPherson -- so whether or not the systems could be penetrated with those other security guidelines in place, I don't know," Crnich said.
In developing our attacks, we made no assumptions about constraints on the attackers. "Security through obscurity" – or the practice of assuming a veneer of security by relying on attackers not having access to protocol specifications or of using tools that are perceived to be difficult to acquire – is not an acceptable option for any system that can't afford to have its security compromised. Our study examined what a dedicated attacker could accomplish with all possible kinds of access.Quoting myself from the T-S site...The greatest threat to our election systems comes not from an individual voter, but rather from insiders at the elections department or working for the machine vendor (Diebold). These are the people with the greatest access to these exploits who can secretly make large scale changes that will never be detected...I go on to say some other things but that's the gist for this post.
Now, the next article to land will be in Tuesday's Eureka Reporter. The story has been online for maybe an hour now. It is kind of strange. There is no byline and I'm the only person quoted other than a Bowen press release. The headline is: "Audit standards review group releases report." This refers to yet another component of Bowen's Top To Bottom Review (TTBR). Check out the 38-page report as a .pdf here. This article is comprised almost entirely of excerpts from the report and then concludes with quotes from me.
I believe the person who called me said her name was Laura. She sounded young and a little uncertain. She told me former elections beat writer Rebecca S. Bender had left the paper as of Friday last week. I knew about this because a few months ago at an Election Advisory Committee meeting, David Cobb inadvertently "outed" Rebecca's planned departure before she really wanted people to know. I had no reason to mention it until now but I do wish her well. So anyway, Laura asked for a comment on this new standards review report that came out today. I declined to comment since I hadn't read it. She then asked about the other related reports and we had a more general conversation about what is happening. Here's what she used:
Though he had not yet seen the report, Dave Berman, one of the founding members of the local Voter Confidence Committee, said he is aware that other studies have been conducted recently regarding the voting process in California, and said he looks forward to Bowen's announcement on Friday as to what action she plans to take.It seemed out of place at the end of this article but then I'm not sure I've ever had a better quote!
Berman said the Voter Confidence Committee promotes the idea of handcounting 100 percent of the ballots the first time around and recounting 10 percent for the audit. He said simply increasing the percentage recounted in the audit is like "putting a Band-Aid on a gunshot wound" when the first count is performed by machines.
Hank Sims from The Journal and also KHUM called me today too, presumably for his Town Dandy column due out on Wednesday. We actually spoke twice, and in between he spoke with Registrar Crnich. That made our second chat very interesting. During that time he also got to look at something I am now making public for the first time.
This is a spreadsheet that allows you to enter different variables, such as how many precincts are in your county and the average number of ballots cast per precinct. All together, the numbers you enter will then estimate how many ballot counters you need and what it will cost to pay them to do an all hand-count election. The Voter Confidence Committee will be incorporating this great new tool into the next iteration of our Report on Election Conditions in Humboldt County, CA. I don't know when that will happen. Meanwhile, election integrity advocates working for HCPB anywhere will find this tool useful. We all owe a debt of gratitude to Nancy Tobi and Democracy For New Hampshire. It is their recent presentation that provided me with the formula for creating the calculator. [NOTE: The presentation was actually made by NH Assistant Secretary of State Anthony Stevens – WNDC regrets the error.]
I have a feeling that after I've heard from a few people about the calculator I'll probably want to make it the centerpiece of another post instead of burying this announcement 80,000 paragraphs under the sea. At any rate, back to Hank Sims.
He asked me if I felt vindicated by these new reports. I told him I would not use that word. It suggests I had previously been thought wrong but now stand affirmed. The truth is that the findings of Bowen's TTBR explicitly state that previous exploits were again confirmed. Anybody coming around to these findings of fact really can't plausibly explain previously thinking otherwise.
Sims informed me that Registrar Crnich took a position with him that was similar to the one she took in the T-S piece above. Having already addressed this once, I realized it wasn't just sounding familiar from the Registrar. Moments before I got the first Sims call, I was looking at a document I had just received from the indefatigable Tom Courbat of Sav-R-Vote in Riverside County, CA. Click here for "the corporate line" by Sequoia, attempting to explain away all the findings of Bowen's Red Team members. I never did finish reading it, but its "those aren't the droids you're looking for" tone pretty much parallels what our Registrar was trying to pull off.
Plain and simple: there is no way to spin these reports to make the machines look good. Their time has passed. We've reached a tipping point of public consciousness where secret vote counting machines are completely unacceptable and public officials who continue to defend them do so at the risk of their own credibility.
Finally, as promised at the beginning of this marathon post, here are excerpts from Bowen's Red Team report on Hart Intercivic. These first two passages are identical to wording in the Diebold report. There are several other passages in common.
In developing our attacks, we made no assumptions about constraints on the attackers. "Security through obscurity" – or the practice of assuming a veneer of security by relying on attackers not having access to protocol specifications or of using tools that are perceived to be difficult to acquire – is not an acceptable option for any system that can't afford to have its security compromised Our study examined what a dedicated attacker could accomplish with all possible kinds of access.
Our study was constrained by the short time allowed. The vulnerabilities identified in this report should be regarded as a minimal set of vulnerabilities. (emphasis in original)
The Red Team, working in close conjunction with the 2007 TTBR Hart Source Code Team, discovered that the Hart EMS software implicitly trusts all communication coming from devices appearing to be Hart-branded and neither authenticates the devices nor performs adequate input validation on data transmitted to it by the devices. This allows for the possibility that a compromised device, such as an eScan that had been tampered with at a polling station, could infect the EMS systems. In particular, the Source Code Team discovered a weakness in the code that would allow an eScan to perform a buffer overflow attack and execute arbitrary code on the computer running SERVO.
The team was also able to access device-level menus that should be locked with passwords but were not. This access could allow an attacker a vector for altering configuration settings and/or executing a denial of service on the eScan.
Some of the findings from previous studies on precinct count optical scanners were replicated on the eScan, and they allowed the Red Team to maliciously alter vote totals with the potential to affect the outcome of an election. These attacks were low-tech and required tools that could be found in a typical office.
The Red Team implemented an attack devised by the 2007 TTBR Hart Source Code Team that was able to extract election-sensitive information from the eScan and issue administrative commands to the eScan. The leaked information would allow an attacker the ability to execute further attacks, while administrative commands issued to the eScan could erase electronic vote totals and audit records from an eScan while putting it out of service for the remainder of the Election Day. For more details on these attacks, please see the 2007 TTBR Hart Source Code Team report.
The Red Team verified previous findings on the JBC regarding access code generation and also discovered that a surreptitious device could issue commands that caused the JBC to authorize access codes. If the JBC is in early voting mode, it will not print receipts for the access codes issued. If the JBC is in regular election mode, it prints a receipt each time an access code is issued. When in early voting mode, an attacker could attach the surreptitious device to the JBC. (Note: the surreptitious device is easily concealable in one hand.) After waiting for about a minute, while all possible access codes are issued, the attacker could then proceed to cast multiple ballots using any access codes.
Additionally, the team expanded on previous findings that the MBB in the JBC is vulnerable to tampering during an election. Extracting the MBB from within the JBC during an election and tampering with it without detection would probably require poll worker access, but the team was able to prove that this access would be sufficient to alter vote totals – and in such a manner that it would not be detected in the course of normal operation, though a very thorough audit might reveal it. Furthermore, the team found that post-election MBB tampering safeguards (by which we mean only the technological safeguards, not procedural safeguards such as the use of tamper-evident seals) are insufficient to guarantee that such tampering would be detected. Thus, the team is confident that post-election MBB tampering would succeed in many, if not all, instances.
Finally, the Red Team collaborated with the 2007 TTBR Hart Source Code Team to decode the protocol used for communication between the JBC and eSlates. This protocol does not authenticate the devices on the bus (the communication line), so all communication is considered trusted. The teams were able to intercept the communication, but they were unable to get an exploit working to interrupt or manipulate the communication; this, again, was due to time constraints. Full details of this work can be found in the 2007 TTBR Hart Source Code Team report. The teams are confident that, given more time, they could craft a device that could maliciously alter vote totals and violate voter privacy.
IV. Successful Attack Scenarios
The following attack scenarios were successfully carried out in the laboratory environment of the Secretary of State’s testing facility.
1. Attack Scenario 1
In this scenario, a malicious voter prepares a surreptitious device and brings it with her to the polling station during early voting. She registers as usual and is issued an access code. Before she leaves the registration table, however, she quickly connects her device to the JBC and converses with the poll workers for a brief time—thirty to forty seconds should suffice. She proceeds to an eSlate and casts a ballot normally. She then enters arbitrary access codes and casts ballots at will, continuing to do this for as long as she suspects she will be unchallenged in the voting booth, casting an arbitrary number of ballots. This results in an electronic ballot box stuffing attack.
In an early voting situation, when the JBC doesn't print out a ballot access receipt each time an access code is issued, the Polls Suspended Report (automatically printed by the JBC) will indicate an unusually large number of access codes issued and more ballots cast than voters who checked in at the registration desk when polling concludes. In regular election mode, this problem would likely be detected much sooner, since the JBC is designed to print a ballot access receipt each time an access code is issued by the machine.
2. Attack Scenario 2
In this scenario, a malicious poll worker finds an opportunity after the close of polls to alter the contents of the MBB using his personal laptop. The attacker identifies ballots containing votes for a candidate he doesn't want to win the election and overwrites those ballots with records containing votes for a candidate he does want to be successful. After tampering with the MBB, the attacker replaces it in the expected chain of custody. The technological safeguards for detecting this tampering are insufficient and can, by default, go unobserved. This results in altered vote totals that can only be detected in the event of a manual recount of eSlate VVPAT records.
3. Attack Scenario 3
In this scenario, a malicious observer uses a remote device to capture the audio narration – including the narration associated with a voter's actual voted ballot – from an eSlate with audio capabilities. She is able to observe voters walking up to the eSlate and match them to the audio narration she is capturing, allowing her to violate a voter's right to privacy by linking voters to their vote selections.
Although the Red Team did not have time to finish exploits for all of the vulnerabilities we discovered, nor to provide a complete evaluation of the Hart voting system (System 6.2.1), we were able to discover attacks for the Hart system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that – absent procedural mitigation strategies – can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.
Saturday, July 28, 2007
Guest blogged by Jane Allen in San Francisco
According to a recent article in the San Francisco Chronicle, the city is headed for another disaster.
"Earthquake predictions?" you ask. No. This is about the November 2007 election and the city's lack of a certified voting system.
The July 25, 2007 story states that election officials in San Francisco, along with those in California Secretary of State Debra Bowen's office, "are scrambling to find a way to keep the city from having to count more than 200,000 ballots by hand" and calls it "a nightmare process that could drag on for weeks." John Arntz, San Francisco's Director of Elections, was quoted as saying, "There's a very realistic possibility we'll be doing a hand count."
Just one of several disconnects around San Francisco's vote-counting saga is this: at the July 18 Elections Commission meeting, Mr. Arntz seemed rather unconcerned about this issue, saying, "A hand count is not the plan," and "it is most likely" that San Francisco will use the ES&S Optech Eagle (the present, uncertified system) for the November election.
How can it be that Mr. Arntz was, at a meeting last week, unaware of the "nightmare" described by John Wildermuth of the Chronicle? Is the Chronicle indulging in hyperbole? Did Mr. Arntz get a very sudden wake-up call? Or is Mr. Arntz speaking out now to push the Sequoia Voting Systems contract approval, despite a February 2007 thumbs down from the Board of Supervisors?
Looking at the larger picture, maybe that "nightmare" is already here?
The four-year $12.6 million contract with Sequoia for uncertified equipment (negotiated by Arntz) was not approved because, the supes said, Sequoia must publicly disclose the source code. Sequoia declined. Supposedly, negotiations over that are continuing, so it's still on the table ... or maybe at least on the floor next to the table? At the July 18 meeting, Mr. Arntz again expressed his hope that the contract would be approved. With the election only three months away, it sounded like he still can't let go of the fantasy of Sequoia riding to the rescue. (While he was negotiating with Sequoia, public comment at Elections Commission meetings repeatedly urged him to specify open source code. He ignored those pleas, and then -- oops -- the Board of Supervisors demanded the same.)
Mr. Arntz's June 28, 2007 memo to the mayor and supervisors ("Brief Overview of Manually Counting and Tallying Votes for November 6, 2007 Election") gave no cost estimate for a hand count. But in a May 18, 2007 San Francisco Examiner story, he placed that number at "roughly $1 million," which may be quite a bargain compared to the Sequoia deal.
As for the hand-count "nightmare," New Hampshire – yes, the entire state – routinely hand-counts 20% of all ballots on election night, according to Democracy for New Hampshire. In November 2004, New Hampshire recorded 676,227 votes in the presidential race, meaning about 135,000 were tallied by hand. Won't San Franciscans be willing/able to step up and count November’s expected 200,000 ballots?
Adding another bit of mess to this scenario, Brent Turner of the Election Defense Alliance (EDA) mentioned at June and July Elections Commission meetings that Sequoia plans to sue San Francisco over the unapproved contract. Brent said Steve Bennett of Sequoia had made that threat.
So here's what we've got:
- uncertified, old ES&S equipment that may or may not be used to run the November election;A hand count could turn out to be the least of our worries.
- an ES&S breakdown rate (requiring tech support) of about 25% in June 2006 and 35% in November 2006 -- so those machines are increasingly looking like more trouble than they're worth;
- the Secretary of State trying to work out some sort of accommodation on the ES&S certification issue;
- on July 18 Mr. Arntz sounding pretty optimistic about the SoS giving some kind of OK to ES&S, thus avoiding a hand count;
- a week later, a gloom and doom article from the Chronicle with Mr. Arntz saying a hand count is a "realistic possibility";
- ES&S officials, according to Mr. Arntz, not responding to his phone calls (although others -- Commissioner Townsend and EDA's Brent Turner -- report reaching Lou Dedier, a VP of ES&S, with no problem);
- ES&S consistently ignoring requests to appear at Elections Commission meetings (will they show up on election day? – it's anybody's guess);
- Sequoia possibly going to sue the city/county of SF if their contract isn't approved;
- no sign of Mr. Arntz making comprehensive contingency plans for putting together a hand-counted election; and
- the Elections Commission, at the July 18 meeting, voting to recommend renewal of Mr. Arntz's employment contract.
Friday, July 27, 2007
The big announcements will be next Friday, August 3, when California Secretary of State Debra Bowen will reveal decisions on certifications for the various "election machines" used in CA. She is holding a public comment session in Sacramento on Monday, and today issued a press release called "Independent Computer Expert Teams Release Findings in Top-to-Bottom Voting System Review Ordered by Secretary of State Debra Bowen." On the Secretary's website, this page has links to various different reports within the overall review. There are separate reports on the testing of Sequoia, Hart Intercivic, and Diebold, which is the only one I've read so far because it applies here in Humboldt County. The headline of this blog post says it all. I think this report is going to be as important as such landmark documents as the Hursti Hacks, and the Berkeley VSTAAB Report. Here are just a few assorted excerpts from the 17-page Diebold report:
Our study was constrained by the short time allowed. The vulnerabilities identified in this report should be regarded as a minimal set of vulnerabilities. (emphasis in original)
still page 10
The GEMS server is on a local area network (LAN) with other Diebold components, and this LAN is supposed to be isolated. However, even Diebold documentation reports that this requirement is not always met. Therefore, attacks via Ethernet against the GEMS server could reasonably be executed by personnel with physical access to the networking components (hubs/switches) in the isolated LAN or— if the Diebold LAN were intentionally or unintentionally connected to a public internet connection—by remote attackers
a. Windows Vulnerabilities
The Red Team performed vulnerability scans against the GEMS server. The results identified multiple vulnerabilities; primarily, these vulnerabilities existed because the Windows 2000 server (configured by the Diebold technicians) was not properly patched3. After noting these vulnerabilities, the Red Team was able to download an exploit from a free public repository of well-known and documented exploits. This exploit gave the Red Team access of a Windows Administrator on the GEMS server.
3 Even if the Red Team had been expected to make other system configuration changes in order to make the GEMS server consistent with Diebold configuration documents, it would have been highly unreasonable for Diebold to expect the Red Team to patch Windows 2000 Server.Additionally, the Red Team noted that most standard Windows logging capabilities were either disabled or enabled in very limited states in the configuration provided by Diebold. This means that most malicious actions taken by attackers would not be traceable. More detail on the auditing configuration of this system is available in the report prepared by the 2007 TTBR Diebold Documentation Review Team.
Finally, the Red Team uncovered evidence that Diebold technicians created a remotely-accessible Windows account that, by default configuration (according to the Diebold documentation), can be accessed without the need to supply a password. There is evidence to suggest that this account is intended to be used by TSx units for dial-in access at the close of polls on Election Day, but the documentation for election officials never mentions this particular account by name. An attentive system administrator would notice the account. However, the responsibility should not be on election officials to discover remotely-accessible Windows accounts and act appropriately to ensure those accounts are not inappropriately accessed. Devices, as delivered to customers, should only have accounts that are well-documented and remote access that is necessary for the needs of the particular county. Undocumented remotely-accessible logins are contrary to generally-accepted security practices.
b. GEMS Databases
The Red Team used Windows Administrator access on the GEMS server to manipulate and corrupt GEMS databases. These actions could result in manipulated vote totals or in the inability to read previously-generated ballot definitions if no valid database backups were available (whether because the backups were not made or because the backups had also been corrupted). On election night, the inability to read results from the deployed TSx and AV-OS devices could render an election impossible to complete electronically. In this case, a hand count of paper ballots and VVPAT records would be the only option for deducing the intent of the voters who turned out on Election Day.
c. GEMS Audit Logs
The Red Team found methods for executing actions from within the GEMS server that could not be tracked by the GEMS audit logs, allowing malicious GEMS users to conceal actions they had taken while logged in. Additionally, the Red Team noted that one of the standard functions offered by GEMS is the ability for a GEMS administrative user to change the username of her account. This is a non-standard computing practice, and it could potentially be used by a rogue administrator to implicate another GEMS user (i.e. other elections personnel).
2. GEMS Server Networking Components
Using information gained from access obtained as the Windows Administrator user, the Red Team was able to guess the authentication credentials for the networking hardware supplied by Diebold, and gain root access on these devices. These root accesses would provide sufficient access for an attacker to manipulate every setting on the networking devices and on the server. Additionally, the Red Team was able to use this access on the GEMS server to install the drivers for a USB wireless dongle. This small device was then planted on the back of the server, ensuring remote access to the GEMS server even
3 Precinct Count AV-OS
The Red Team was able to verify the findings of some previous studies on the AV-OS unit; the impact of these was to alter vote totals in order to change the vote results on that machine.
Everything about GEMS and the AV-OS applies to Humboldt County. There are a few items worth noting for the TSx touch screen machines used in other parts of the state.
page 12Well there you have it. Really nothing too surprising if you've been paying attention at all in the past several years. What is Bowen going to do? It seems unlikely she will compel the entire state to hand-count paper ballots, yet where is there room to compromise with the continued use of these so-called "election machines"?
a. TSx: Physical Security
The Red Team was able to violate the physical security of every aspect of the TSx unit, using only tools that could be found in a typical office. This guaranteed the access necessary to execute physical and electronic attacks.
b. TSx: Malware
The team verified previous findings regarding multiple avenues for overwriting system firmware and software as well as for the introduction of malware that would affect the current software. These avenues, when exploited, are a platform for altering vote totals to potentially change the outcome of an election. They could also be leveraged to violate voter privacy4 or enact a denial of service on affected devices.
Of potentially greater concern, the introduction of malware into a TSx unit could spread virally into the GEMS server via format string errors in the GEMS software as identified by the team. TSx units use PCMCIA cards to store and transport election definitions and vote totals. When those vote totals are communicated back to the GEMS server (either by physical transfer of the PCMCIA card into a TSx unit connected directly to the server’s LAN or over a dial-in connection), an exploited TSx could virally infect the GEMS server. Future TSx and AV-OS units connected to the GEMS server could likewise be infected as ballot definition files are transferred via serial or Ethernet connection.
g. TSx: PCMCIA card
The Red Team verified the results of other studies, which found that modifications to the contents of the PCMCIA card could affect the accuracy of vote totals.
Although the Red Team did not have time to finish exploits for all of the vulnerabilities we discovered, nor to provide a complete evaluation of the Diebold GEMS 1.18.24/AccuVote system, we were able to discover attacks for the Diebold system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that – absent procedural mitigation strategies – can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.
By the way, San Francisco is one place that may already be closer to hand-counting than most people realize. Guest blogger Jane Allen has that story very shortly.
Thursday, July 12, 2007
The Eureka Times-Standard (archive) on Thursday published an unbylined piece about the Voter Confidence Committee (VCC) Report on Election Conditions in Humboldt County (.pdf).
Voter Confidence Committee issues report on November electionOverall, that intro--and the entire brief article, for that matter--uses welcome frames for presenting this report. The rest of the article mentions a variety of topics addressed with recommendations in the report.
Article Launched: 07/12/2007 04:14:10 AM PDT
EUREKA -- A report from an election reform advocacy group analyzing the election of November 2006 outlines several issues with the system and potential improvements.
The report by the Voter Confidence Committee, addresses its biggest beef with the county election system -- the use of Diebold ballot-counting machines, which the committee says can't be trusted.
"Under current conditions, vote counting is done in secret, using proprietary voting equipment that requires the public to accept election results with 'blind trust,'" says the report. "While a perfect voting system may not yet exist, it will be clear to readers of this report that many practical election reforms can still move us closer to the realistic idea of establishing a basis for voter confidence in election results."
After finding the article online this afternoon, I left a message for T-S editor Rich Sommerville, thanking him for the article and asking if he would be willing to meet with a few of the group members to discuss some of the proposals we make. The report is straightforward in offering suggestions for improved media coverage of elections, much of it previously appearing at WDNC or GuvWurld. In the coming weeks and months I look forward to setting up pow-wows with the editorial board at each of our local newspapers.
Oh, and we're active on other fronts too. Next week a few of us will be meeting with County Supervisor Bonnie Neely.
100th WDNC post
Saturday, July 07, 2007
Last weekend I posted a quickie response immediately after seeing this Eureka Reporter article based on the Voter Confidence Committee press release about our new Report on Election Conditions in Humboldt County (.pdf). After meeting with the VCC on Tuesday night it was decided that a slightly revised version of my response should be submitted to the Reporter, which will apparently run it in Saturday's edition, online now (full text below).
Group urges dialogue about elections
by Dave Berman, 7/6/2007
As in the past, I would say again that elections beat writer Rebecca S. Bender presented a fair piece in the July 1 Eureka Reporter: "Watchdog group calls for hand-counted ballots," with quotes from a Voter Confidence Committee news release and one item straight out of our report, balanced with quotes from Registrar of Voters Carolyn Crnich.
Bender does err in referring to the 20-page report as a 30-page report, but I suspect this will be quickly forgotten.
Of greater consequence, Crnich questions the relevance of some of the references in the time line portion of the report. True, not everything in this section refers to equipment used in Humboldt County.
However, this series of brief paragraphs does include detailed information about the history of machine failures in Humboldt County, the results of hack tests on the same type of equipment used here, results of a statewide audit that found Humboldt County was using uncertified software, the determination by the Department of Homeland Security that our central tabulator program, GEMS, is a threat to national security and the finding that requisite independent testing of our equipment was not done.
One might argue we had enough with just those bits of information. But, we felt it was important to place all this against the backdrop of what was happening nationally, revealing that machines by other manufacturers were also failing or found to be highly vulnerable to tampering, that some elections counted by optical scanners were overturned by hand counts and that official reports by the GAO and congressional committees found that votes had been lost and miscounted. This context is not irrelevant because we want readers to understand why the VCC has such a keen interest in how our elections are run. No more secret vote counting!
In The Eureka Reporter article, Crnich attempts to marginalize the recommendations in the report by saying the Humboldt Transparency Project makes most of them moot. With due respect to the registrar, this is disingenuous. The Transparency Project allows for the scanned images of all ballots to appear on CDs so that any community resident can do a recount and compare with the official results. This is lipstick on a pig. It is a red herring that doesn’t make Diebold's secret vote-counting machines OK.
Another concern we have about the Transparency Project is that citizen review of the ballot image CDs won't occur until after the election is certified. It is vital to get it correct on election night because the prospects of later getting election results changed are prohibitively small.
This spring there were several official challenges to questionable congressional results from November. Congress dismissed all but one of the challenges without considering submitted evidence. If the public gets the ballot image CDs after certification, whatever may be found on the disks is not likely to matter.
The VCC report also points out that Crnich is at greater risk by allowing the post-certification audits than she would we be if such review were possible before certification.
Obviously, once the registrar certifies an election, she is staking her reputation on its accuracy. It only makes sense to do all the accuracy checking before certifying the results as accurate.
The VCC does not oppose the Transparency Project, but we do have some reservations about how it is to be deployed. We encourage more public dialogue, in general, about how we run our elections.
We invite you to visit www.VoterConfidenceCommittee.org to get a free copy of our "Report on Election Conditions in Humboldt County, California."
We can't imagine anyone reading this and still justifying the Diebold optical scanners. Visit our Web site or e-mail the VCC at info@VoterConfidenceCommittee.org to learn more about our campaign for hand-counting paper ballots.
Wednesday, July 04, 2007
While I'm writing this I'm listening to the .mp3 of my hour on KMUD tonight. I'm so glad I asked Rabbi Les Scharnberg to join me, and that we offered to drive an hour to the studio in Redway. Unfortunately, our host, Ellen Komp, never made the scene. So I basically took the role of host and Les and I spent an hour presenting the new VCC report (.pdf) to the community. We took a few phone calls and the whole thing was amazingly smooth. I am grateful to Ellen and sorry she wasn't able to be with us. She works with the Civil Liberties Monitoring Project, a Southern Humboldt group doing important election integrity work such as making this show possible.
That's Rabbi Les on my left in sunny Redway just after the show ended.
Awesome photo credit to Larry the engineer.
Monday, July 02, 2007
July 4, 2007 - This is the fifth installment in my annual Reflections on Independence series. My mind is liable to seize when considering how far down the slippery slope we've slid since the first of these essays. Yet it is heartening to look back five years to my first call for impeachment and revolution, and to realize how many millions more have spoken out similarly since then.
There may be nothing redeeming about those who have hijacked America, but if nothing else, we can laud them for being so remarkably similar to those overthrown in the first American Revolution. This national holiday of ours has created for me a tradition of reading again those immortal words that speak of our unalienable rights, and submit facts for a candid world to consider abuses, injuries and usurpations endured because "mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed."
The Declaration of Independence is the master change manual. It notes that it may be human nature to endure suffering, and that "Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes." And yet it defines not only "the Right of the People to alter or to abolish" their government, but indeed their "duty" to do so when government fails to secure our unalienable rights and derive its "just Powers from the Consent of the Governed."
I encourage you to refresh yourself on the Declaration, which is pasted at the end of this essay for your convenience. It could have been written yesterday, and yet if it had been, we certainly wouldn't hear about it on the news, unless the likes of Bill O'Reilly was cutting off your microphone and calling you a traitor. Proving our point much, Bill?
What do these historical references mean to you, or to any of us in the 21st century? I encourage you to consider publishing your own Reflections on Independence. This year as I approach this essay I find myself full of questions.
Who will liberate Iraq from its current occupiers?
Who will liberate America?
Why does any room full of Americans reciting the Pledge of Allegiance sound *exactly* like the Borg on Star Trek?
What do you call a person whose allegiance to a man comes before loyalty to the nation? This one is not rhetorical. We've cheered the parade of recently resigned whistleblowers, but I haven't noticed anyone booing the Secret Service as traitors. Can their job be considered honorable when it enables the behavior of war criminals? How would Nuremburg or Geneva look upon these enablers, should they ever be held to account?
Why are Bush and Cheney not the least bit worried about impeachment? For starters, Speaker Pelosi took the matter off the table, effectively telling them "don't worry about it." Why would she do this when these men have admitted and brazenly boasted with impunity about their high crimes and misdemeanors? Could it be because animals are most dangerous when wounded and/or cornered?
Is it realistic to think that Bush and Cheney will even stand for the Senate trial, stand for being held accountable? Think about their track record of avoiding accountability. Can we really believe that IF (big IF) Congress finally grows a spine, war criminals will submit to their judgment? This would be the first and only time they would have allowed themselves to be held accountable. And if countless other examples hadn't previously convinced you, don't the recent unitary executive directives make clear once and for all that they do not intend to yield power?
There really isn't any question that impeachment is appropriate and long overdue, it just won't be allowed to happen. I truly hope I'm wrong about that. But after presenting a plan for not leaving office, can we really doubt, if cornered, they will create the emergency context needed? When do We the People act like all bets are off? How many times will we say about these people, "I can't fucking believe it!" before we acknowledge that "they'll never do THAT" is no longer a reasonable assumption? This is the most dangerous potential of trapped rats. This is not only why impeachment won't work, if it is pursued, it also may be the private fear of many in Congress who refuse to act. Is it really out there to suggest that members of Congress may be just as afraid of what is happening as the rest of us are? Can fear sometimes lead to inaction?
What is the most insidious ramification of the military being intentionally stretched too thin? The military is unavailable to respond to an emergency at home. That is devastating in the context of a natural disaster. But what about when martial law comes? It won't be our official military that enforces this, it will be mercenaries. Halliburton and Blackwater will be the occupiers of America, overseeing a network of domestic concentration camps already built. Our military, sworn to protect and defend the Constitution, will not be here to do so. The media, of course, will portray a different reality that will instead reinforce the okayness of the concentration camps and validate the authority of the hired guns, all while our military overseas supposedly, paradoxically, fights for our freedom.
What is freedom, now? What is independence, now? A few thoughts...
Independence is...growing food.
Independence is...walking and pedaling.
Independence is...local decision-making.
Independence is...the power of the sun and wind.
Independence is...knowing that a majority of the government cannot act against the will or the interest of the majority of We the People.
The federal and state governments are directly harming We the People. Only local government remains as a potential means for seeking redress of grievances. Like all layers of government, local City Councilmembers and County Supervisors swear the same oath to protect and defend the Constitution. Can we then consider it a moment of accountability to begin judging whether our local governments are upholding their oaths? And if, sadly, it can be confirmed that no layers of government are willing to protect the citizenry and the rule of law, is there any other choice then but for We the People to alter or abolish the government, as is our duty and unalienable right?
With each passing year, parallels between our own present circumstances and the grievances in the Declaration of Independence become more obvious. Not everyone was ready to see it five years ago. The vast majority of the country--far, far more than the media lets on, of course--has awakened. The response is not merely to turn support away from failed policies of deceitful war criminals. The sleeping giant that has been American public opinion is coming to terms with what is at stake.
Wherever you are, you don't have to look too far to find a community that has called for impeachment or for repeal of the Patriot Act or for the return of their National Guardsmen and an end to war. This is how it begins. In my view, citizens targeting Congress with their demands are asking a leopard to change its spots. In the first two installments of this series I concluded by saying:
"Consider your town, county, state and country. At what level does the group decision-making no longer reflect the greater good? Set your sights there and work to take control."
I think we've answered that question by now and the advice still stands. Wherever local government is cooperating with illegitimate and abusive powers wielded at the state and federal level, we must compel it to stop and engage in municipal civil disobedience. And if it will not, this is the level at which we take over, at which we alter or abolish. Like any successful revolution, this must occur from the ground up, from local to regional. You don't have to be an anarchist to subscribe to this plan. Just a good old fashioned conservative worshipper of American history.
Peaceful revolution is necessary, NOW!
* * *
Read past installments:
Reflections On Independence 2002
Reflections On Independence 2003
Reflections On Independence 2005
Reflections On Independence 2006
* * *
The Declaration of Independence
IN CONGRESS, July 4, 1776.
The unanimous Declaration of the thirteen united States of America,
WHEN in the Course of human Events, it becomes necessary for one People to dissolve the Political Bands which have connected them with another, and to assume among the Powers of the Earth, the separate and equal Station to which the Laws of Nature and of Nature's God entitle them, a decent Respect to the Opinions of Mankind requires that they should declare the causes which impel them to the Separation.
WE hold these Truths to be self-evident, that all Men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the Pursuit of Happiness -- That to secure these Rights, Governments are instituted among Men, deriving their just Powers from the Consent of the Governed, that whenever any Form of Government becomes destructive of these Ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its Foundation on such Principles, and organizing its Powers in such Form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient Causes; and accordingly all Experience hath shewn, that Mankind are more disposed to suffer, while Evils are sufferable, than to right themselves by abolishing the Forms to which they are accustomed. But when a long Train of Abuses and Usurpations, pursuing invariably the same Object, evinces a Design to reduce them under absolute Despotism, it is their Right, it is their Duty, to throw off such Government, and to provide new Guards for their future Security. Such has been the patient Sufferance of these Colonies; and such is now the Necessity which constrains them to alter their former Systems of Government. The History of the present King of Great- Britain is a History of repeated Injuries and Usurpations, all having in direct Object the Establishment of an absolute Tyranny over these States. To prove this, let Facts be submitted to a candid World.
HE has refused his Assent to Laws, the most wholesome and necessary for the public Good.
HE has forbidden his Governors to pass Laws of immediate and pressing Importance, unless suspended in their Operation till his Assent should be obtained; and when so suspended, he has utterly neglected to attend to them.
HE has refused to pass other Laws for the Accommodation of large Districts of People, unless those People would relinquish the Right of Representation in the Legislature, a Right inestimable to them, and formidable to Tyrants only.
HE has called together Legislative Bodies at Places unusual, uncomfortable, and distant from the Depository of their public Records, for the sole Purpose of fatiguing them into Compliance with his Measures.
HE has dissolved Representative Houses repeatedly, for opposing with manly Firmness his Invasions on the Rights of the People.
HE has refused for a long Time, after such Dissolutions, to cause others to be elected; whereby the Legislative Powers, incapable of the Annihilation, have returned to the People at large for their exercise; the State remaining in the mean time exposed to all the Dangers of Invasion from without, and the Convulsions within.
HE has endeavoured to prevent the Population of these States; for that Purpose obstructing the Laws for Naturalization of Foreigners; refusing to pass others to encourage their Migrations hither, and raising the Conditions of new Appropriations of Lands.
HE has obstructed the Administration of Justice, by refusing his Assent to Laws for establishing Judiciary Powers.
HE has made Judges dependent on his Will alone, for the Tenure of their Offices, and the Amount and Payment of their Salaries.
HE has erected a Multitude of new Offices, and sent hither Swarms of Officers to harrass our People, and eat out their Substance.
HE has kept among us, in Times of Peace, Standing Armies, without the consent of our Legislatures.
HE has affected to render the Military independent of and superior to the Civil Power.
HE has combined with others to subject us to a Jurisdiction foreign to our Constitution, and unacknowledged by our Laws; giving his Assent to their Acts of pretended Legislation:
FOR quartering large Bodies of Armed Troops among us;
FOR protecting them, by a mock Trial, from Punishment for any Murders which they should commit on the Inhabitants of these States:
FOR cutting off our Trade with all Parts of the World:
FOR imposing Taxes on us without our Consent:
FOR depriving us, in many Cases, of the Benefits of Trial by Jury:
FOR transporting us beyond Seas to be tried for pretended Offences:
FOR abolishing the free System of English Laws in a neighbouring Province, establishing therein an arbitrary Government, and enlarging its Boundaries, so as to render it at once an Example and fit Instrument for introducing the same absolute Rules into these Colonies:
FOR taking away our Charters, abolishing our most valuable Laws, and altering fundamentally the Forms of our Governments:
FOR suspending our own Legislatures, and declaring themselves invested with Power to legislate for us in all Cases whatsoever.
HE has abdicated Government here, by declaring us out of his Protection and waging War against us.
HE has plundered our Seas, ravaged our Coasts, burnt our Towns, and destroyed the Lives of our People.
HE is, at this Time, transporting large Armies of foreign Mercenaries to compleat the Works of Death, Desolation, and Tyranny, already begun with circumstances of Cruelty and Perfidy, scarcely paralleled in the most barbarous Ages, and totally unworthy the Head of a civilized Nation.
HE has constrained our fellow Citizens taken Captive on the high Seas to bear Arms against their Country, to become the Executioners of their Friends and Brethren, or to fall themselves by their Hands.
HE has excited domestic Insurrections amongst us, and has endeavoured to bring on the Inhabitants of our Frontiers, the merciless Indian Savages, whose known Rule of Warfare, is an undistinguished Destruction, of all Ages, Sexes and Conditions.
IN every stage of these Oppressions we have Petitioned for Redress in the most humble Terms: Our repeated Petitions have been answered only by repeated Injury. A Prince, whose Character is thus marked by every act which may define a Tyrant, is unfit to be the Ruler of a free People.
NOR have we been wanting in Attentions to our British Brethren. We have warned them from Time to Time of Attempts by their Legislature to extend an unwarrantable Jurisdiction over us. We have reminded them of the Circumstances of our Emigration and Settlement here. We have appealed to their native Justice and Magnanimity, and we have conjured them by the Ties of our common Kindred to disavow these Usurpations, which, would inevitably interrupt our Connections and Correspondence. They too have been deaf to the Voice of Justice and of Consanguinity. We must, therefore, acquiesce in the Necessity, which denounces our Separation, and hold them, as we hold the rest of Mankind, Enemies in War, in Peace, Friends.
WE, therefore, the Representatives of the UNITED STATES OF AMERICA, in GENERAL CONGRESS, Assembled, appealing to the Supreme Judge of the World for the Rectitude of our Intentions, do, in the Name, and by Authority of the good People of these Colonies, solemnly Publish and Declare, That these United Colonies are, and of Right ought to be, FREE AND INDEPENDENT STATES; that they are absolved from all Allegiance to the British Crown, and that all political Connection between them and the State of Great-Britain, is and ought to be totally dissolved; and that as FREE AND INDEPENDENT STATES, they have full Power to levy War, conclude Peace, contract Alliances, establish Commerce, and to do all other Acts and Things which INDEPENDENT STATES may of right do. And for the support of this Declaration, with a firm Reliance on the Protection of divine Providence, we mutually pledge to each other our Lives, our Fortunes, and our sacred Honor.
The 56 signatures on the Declaration appear in the positions indicated:
Thomas Heyward, Jr.
Thomas Lynch, Jr.
Charles Carroll of Carrollton
Richard Henry Lee
Thomas Nelson, Jr.
Francis Lightfoot Lee
Robert Treat Paine
Sunday, July 01, 2007
Online within the past hour or so, Sunday's Eureka Reporter has an article on the recently released Voter Confidence Committee Report on Election Conditions in Humboldt County (.pdf).
As in the past, I would say again that elections beat writer Rebecca S. Bender presents a fair piece with quotes from the VCC press release and one item straight out of the report, balanced with quotes from Registrar of Voters Carolyn Crnich. Bender does err in referring to the 20-page report as a 30-page report, but I suspect this will be quickly forgotten.
Of greater consequence, Crnich questions the relevance of some of the references in the timeline portion of the report. True, not everything in this section refers to equipment used in Humboldt. However, this series of brief paragraphs does include detailed information about the history of machine failures in Humboldt County, the results of hack tests on the same type of equipment used here, results of a statewide audit that found Humboldt was using uncertified software, the determination by the Department of Homeland Security that our central tabulator program, GEMS, is a threat to national security, and the finding that requisite independent testing of our equipment was not done.
You might argue we had enough with just those bits of info. But we felt it was important to place all of this against the backdrop of what was happening nationally, revealing that machines by other manufacturers were also failing or found to be highly vulnerable to tampering, that some elections counted by optical scanners were overturned by hand-counts, and that official reports by the GAO and Congressional committees found that votes had been lost and miscounted. This context is not irrelevant since we want readers to understand why the VCC would take a systemic approach to viewing and improving election conditions. No more secret vote counting!
In the Reporter article, Crnich attempts to marginalize the recommendations in the report by saying that the Humboldt Transparency Project makes most of them moot. With due respect to the Registrar, this is disingenuous. The Transparency Project allows for images of all ballots to appear on CDs so that any community member can do a recount and compare with the official results. The biggest problem with the implementation of this is that the CDs won't be available until after the election has been certified.
It is vital to get it right on election night because the prospects of later getting election results changed are prohibitively small. Just look at the various challenges to questionable Congressional results from last November. The VCC report even points out that Crnich is at greater risk by allowing the post-certification audits than she would we be if such review were possible before certification. The VCC does not oppose the Transparency Project but we do have some reservations about how it is to be deployed.
The Reporter article accurately quotes from the report: "The Transparency Project and hand counting are not mutually exclusive. The Transparency Project would be a welcome backup method of verification for hand counting, but it cannot make any secret vote-counting machines acceptable."