Thursday, December 18, 2008
Humboldt Envy?
Last week I posted a letter to the editor I had published in the Eureka Times-Standard (archive). It was written quickly on the morning of December 5, in the midst of the breaking news that the Humboldt County Election Transparency Project had revealed a failure in Diebold's GEMS central tabulator causing the County's certified election results from November to be proven inaccurate.
I sent the same letter to the North Coast Journal since there was also a breaking story on their website about it, even though it hadn't yet appeared in their weekly print edition. When that came out last Wednesday, I wasn't too surprised the letter wasn't published or that editor Hank Sims had editorialized about the story. So I used his column as the basis for yet another letter, which the Journal has published in this week's paper:North Coast Journal
It is tough to be timely in a weekly paper when commenting on a fluid situation. See my exclusive report from Wednesday morning about Humboldt County Registrar of Voters Carolyn Crnich announcing her intention to dump Diebold scanners in favor of similar secret corporate vote "counting" machines from Hart InterCivic. It is a major advance of the narrative above and has been republished at OpEdNews and Scoop.
Mail Box
12/18/08
Dear Editor:
Hank Sims now says Humboldt's official method of counting votes is an outrage ("Town Dandy," Dec. 11) and the Diebold/Premier folks "should be shunned. Maybe indicted." He may be late to the party, but the top hat and tails are always welcome.
Yes, Humboldt has joined Florida, Ohio, and towns and counties across the land who have experienced the failures of electronic voting. Our certification of inaccurate results has made national news and broken down some of the local wall of denial.
A December 7 editorial in The Times-Standard said local opponents of Diebold "were right to make noise, and right to complain about a company that has been less than responsible." Humboldt Registrar of Voters Carolyn Crnich told Wired.com in a Dec. 8 article, "this has sort of put a cloud over any confidence that I had in the Premier equipment that's been in this department since 1995."
Has Humboldt finally reached a tipping point? Are we ready to consider alternatives to Diebold? If so, a careful evaluation of the possibilities and input from a well informed community would be both appropriate and desirable.
I'd like to see more consistency in Sims' election integrity advocacy. And bottom line, I hope he'll push for a thorough examination of our options. A lot of work has already been done to facilitate evaluating hand-counting paper ballots, though Election Transparency Project volunteers may have other preferences and ideas to contribute to what could become the most envied process and dialog in the country.
Dave Berman, Eureka
Permalink:
http://wedonotconsent.blogspot.com/2008/12/humboldt-envy.html
Labels: Carolyn Crnich, Diebold, Eureka T-S, Hank Sims, Hart Intercivic, Humboldt County, Letter to the editor, North Coast Journal
Wednesday, December 10, 2008
Humboldt At The Tipping Point: Who Dares Defend Diebold?
Here in Humboldt County, CA a local story of national interest broke last Thursday on the websites of the Eureka Times-Standard (archive) and North Coast Journal. The next morning I wrote a letter to the editor that appeared in today's T-S (archive). I'll let this serve as a summary then provide links to much of what's been published already and add some further reasons for optimism at the bottom.Any defenders?
So here's a summary of links from the past several days, then I've got a few more observations.
Letters to the editor
Posted: 12/10/2008 01:15:38 AM PST
First I'd like to congratulate Kevin Collins, Tom Pinto, Mitch Trachtenberg, Parke Bostrom and all the volunteers of the Election Transparency Project.
Their work revealed a discrepancy caused by Humboldt's electronic voting equipment last month.
Over the last few years I've made many different arguments for getting rid of the Diebold (now Premier) equipment used to count votes in Humboldt County. Somehow it wasn't enough that they “count” in secret, can be easily manipulated without detection, and report results impossible in a legitimate election.
Somehow local decision makers weren't deterred from doing business with a company that admitted to illegally installing uncertified software here and elsewhere; that was sued in class action suits filed by company shareholders; and whose then -- CEO said he was “committed to helping Ohio deliver its electoral votes” to Bush in 2004.
Now we learn that Humboldt has finally experienced what is euphemistically called a “glitch.” In reality it was a bug in Diebold's central tabulation program, GEMS. This caused the results of November's election, already certified as accurate by Registrar of Voters Carolyn Crnich, to be proven inaccurate.
Worse still, Diebold knew about the bug at least four years ago and never fixed it. Other counties were made aware of the problem and told how to work around it. Crnich says she never knew, and I believe her.
This raises many questions, most important among them: Who dares defend the continued use of these machines and the county's relationship with Diebold/Premier?
Dave Berman
Eureka
T-S, 12/5/08: Software glitch yields inaccurate election results (archive)
T-S, 12/7/08 Local elections office commended (archive)
T-S Editorial, 12/7/08 - A glitch that should never have been (archive)
Wired - two Kim Zetter articles from 12/8/08:
Serious Error in Diebold Voting Software Caused Lost Ballots in California County
Unique Transparency Program Uncovers Problems with Voting Software
Election Transparency Project volunteers:
Parke Bostrom - http://hum.dreamhosters.com/etp/news/20081204.html (main site)
Mitch Trachtenberg - http://www.mitchtrachtenberg.com/ourvotes.html (main site)
Tom Pinto - http://humtp.com/
John Gideon & Brad Friedman at BradBlog.com, 12/8/08 - 'Humboldt Transparency Project' Reveals Diebold, U.S. Federal E-Voting Scam
The BradBlog piece includes this link to an .mp3 of Crnich with Brad on the Peter B. Collins show on the afternoon of 12/5/08.
* * *The fact that Diebold/Premier did not take the action to recall the systems, actually puts them into a situation where they may very well have violated federal law. The Help America Vote Act of 2002 Title III Section 301(a)(5) mandates an acceptable error rate for voting systems in use in federal elections. That error rate, not counting any error caused by an action of the voter, cannot exceed 0.00001%.
Parke Bostrom's post above describes how "deck zero" became the batch of ballots that were handled properly by the elections department, and yet vanished from the final certified total. He comments further that the audit log for the Diebold GEMS central tabulation software matched the wrongly decreased total:
However, in the case of the Humboldt County vote count, the error rate was 0.31%.
We have asked both the Secretary of State of California and the EAC if they plan to take action by asking the US Attorney Office to investigate this seemingly clear violation of federal law. Neither the CA SoS, nor the EAC has yet replied to our queries on that matter.This means the audit log is not truly a "log" in the classical computer program sense, but is rather a "re-imagining" of what GEMS would like the audit log to be, based on whatever information GEMS happens to remember at the end of the vote counting process.
This demonstrates the system will cover its tracks when reporting an inaccurate result, destroying assurances of built-in memory redundancies and making a mockery of logic and accuracy testing. Not just here, everywhere. Frankly this is just another example of something we've known a long time.
Crnich herself has been very interesting through all of this. In the "Serious Error..." article above, Zetter reports:Crnich told Threat Level the issue has made her question her confidence in the voting system because, even though the company provided officials with a workaround, the problem indicated a fundamental flaw in the company's programming. She said she'd heard a lot of stories from other election officials about problems with voting machines, but never thought they applied to California.
Crnich losing confidence of course should be music to our ears. She also said a great thing in the interview with Peter B., explaining why she's been willing to work with citizen volunteers. As Humboldt County Clerk/Recorder and Registrar of Voters, Crnich is an elected official and I'm glad she acknowledged a responsibility to listen to constituents.
"I've always sort of listened to those anecdotal incidents with a jaundiced ear because California has some very stringent requirements of election systems that are in use here as well as some very strict security procedures and I didn't think those things affected us here," she said. "But this has sort of put a cloud over any confidence that I had in the Premier equipment that's been in this department since 1995."
In all, the media coverage above practically lionizes Crnich, which I think goes too far. Consider this analogy. Someone builds a fire in the middle of their bedroom and burns down the house. Would this person be praised for the wisdom of having an insurance policy? Using secret corporate vote counting computers, whether by Diebold or any other vendor, is playing with fire.
I've been unable to reach Crnich by phone in the past two days, repeatedly getting voice mail that could not accept more messages.
Also today, The North Coast Journal came out with Hank Sims' "Town Dandy" column called Deck Zero. Sims writes in reference to the known failure of the GEMS central tabulation software:The fact that Diebold/Premier let it stand for over four years, potentially undermining the first principle of American democracy, is an absolute outrage. These people should be shunned. Maybe indicted.
Throw in a little validation from the T-S editorial board...:They were loud, and they were strident in proclaiming that they didn't trust election technologies as much as they trust the ability of actual human beings to count votes.
...and it is starting to sound like we may be at a tipping point here. You might expect me to be frothing about hand-counting paper ballots right about now. You'd be wrong. Thinking as an organizer, I would hope now to establish three things that would be widely agreeable throughout the community:
The recent discovery, thanks to the Humboldt County Election Transparency Project, of a discrepancy in election results due to flawed software reveals that these activists were right to make noise, and right to complain about a company that has been less than responsible in dealing with the problem.
That said, if this is the nature of the opportunity now, I will re-offer to the community the materials I've developed to evaluate hand counting, most notably the forecast tool (spreadsheet) for estimating time, cost and labor needs for hand-counting in the precinct on election night. Back in the summer of 2007, when I first made this public, Sims noted: "Initial twiddling with the numbers suggests that it wouldn't be all that time-consuming or costly -- and wouldn't you rather wait a few days and spend a little more for a trustworthy count?"
I'd like to see more consistency in Sims' election integrity advocacy. And bottom line, I hope he'll push for a thorough examination of Diebold alternatives, as I'm sure Transparency Project volunteers will have other preferences and ideas to contribute to what could become the most envied process and dialog in the country.
This is all another way of saying "what would be better" is an inclusive and engaging community dialog aimed at literally defining "better" than Diebold.
Permalink:
http://wedonotconsent.blogspot.com/2008/12/humboldt-at-tipping-point-who-dares.html
Labels: Brad Friedman, Carolyn Crnich, Diebold, Eureka T-S, Hank Sims, Humboldt Transparency Project, Kevin Collins, Mitch Trachtenberg, North Coast Journal, Parke Bostrom, spreadsheet tool, Tom Pinto
Friday, January 04, 2008
From Around The World, Inherent Uncertainty Comes Home To Roost
In his Town Dandy column this week, North Coast Journal editor Hank Sims does an excellent job of tracing the origin of a widely held misconception related to the now famous confrontation a few months ago between Rob Arkley, Eureka's wealthiest businessman, and Larry Glass, a member of the Eureka City Council. The matter has been referred to the state Attorney General. Meanwhile, Glass has taken umbrage at Sims' suggestion that at some point Glass "changed his mind about pressing charges." Glass alleges the confusion stems from erroneous reporting in the Eureka Times-Standard. Sims writes:It seemed to me that Glass' objection called for a bit of research. I'm certain that I'm not the only one who remembered that Glass seemed to originally signal that he was inclined to let the whole Arkley matter fade from memory as quickly as possible, and that he then seemed to have changed his mind. Was that understanding in error? Does it matter? I'm rather inclined to think it doesn't matter: People should be allowed to change their minds without penalty. But it mattered to Glass, and I stood accused of perpetuating a myth. So I figured I owed it to everyone to figure out the truth of the matter.
I say bully for Sims for taking this on. I leave it you, WDNC readers, to go back and follow Sims' trail. Of course it comes as no surprise that Sims' investigation led to the following conclusion:
I was unsuccessful. But here's what I found.So if I had to guess, I'd guess that this small little bit of uncertainty will join all the other, larger, stranger bits of uncertainty attached to that night that Rob Arkley got aggro on Larry Glass, shoving him or not shoving him, threatening to destroy him (or not), all in front of a roomful of society people who carefully and fastidiously failed to witness any of it.
Three sides to every story, right? It amuses me that Sims goes to such great length, doing really responsible journalism, only to reach a conclusion often described here at WDNC as inherent uncertainty. I have discussed this subject with Sims in the past, and he was either unwilling, unable, or incapable of acknowledging that unverifiable elections guarantee inconclusive outcomes, or inherent uncertainty. We see this elsewhere too, such as the "official story" of 9/11, which contains contradictions and scientific impossibilities; and more recently with varied explanations for the assassination of Benazir Bhutto.
Now it turns out that from beyond the grave, Bhutto has opened a whole new case file in the realm of inherent uncertainty. Interviewed by Sir David Frost less than two months prior to her slaying, Bhutto claims that Osama bin Laden was murdered. Frost does not pick up on this comment during the interview though in the past ten days or so this has been widely discussed.
Len Hart, blogging as the Existential Cowboy, has excavated some gems from the memory hole, citing first a Fox News story from 12/26/01 and then a New York Times column from 7/11/02, both reporting the death of bin Laden. Now of course both of these so-called news sources have subsequently published articles about new video or audio tapes supposedly from bin Laden. And certainly no corporate media have called the bluff of the "war on terror."
No, instead we have the intentional creation and perpetuation of inherent uncertainty. It serves the power structure to keep the masses divided. Wedge issues are just the most superficial and obvious ways. More insidious and apparently not as easy to recognize is the rift in the perception of reality created by inherent uncertainty. See Blueprint For Peaceful Revolution for more on this.
Americans have been turned against each other. I have previously described the Manchurian Nation, the support structure for society that has been indoctrinated to demonize dissent and conflate activism with terrorism. At OpEdNews.comtoday, Kathryn Smith raises awareness of one such example, a declassified FBI memo obtained by the ACLU. Under the heading "International Terrorism Matters," the Pittsburgh Division Joint Terrorism Task Force reports on groups planning peaceful protests. Of course this should surprise no one either, assuming you've familiarized yourself with the typical signs of fascism taking over your country.
A couple of other quick notes...following up on the series of posts I did on the DOJ case compelling NY state to comply with HAVA:http://hosted.ap.org/dynamic/stories/V/VOTING_MACHINES?SITE=FLTAM&SECTION=US
Also, today, Editor and Publisher (by way of BradBlog) gives a head's up for a "massive" article in this Sunday's New York Times about the problems with electronic voting. Put in perspective, this is not going to be a mea culpa for the Times being years behind the facts, and will instead be yet another way to (justifiably) increase the already (understandably) enormous doubts about election results. In other words, the Times is about to contribute greatly to creating more inherent uncertainty.
Jan 4, 7:42 PM EST
NY Sets Voting-Machine Upgrade Schedule
By RICHARD RICHTMYER
Associated Press Writer
ALBANY, N.Y. (AP) -- The New York Board of Elections on Friday gave a federal judge a timetable under which it plans to replace all of the state's lever-action voting machines by September 2009.
...
The Help America Vote Act requires New York to replace the mechanical pull-lever machines that were introduced in the state more than a century ago with high-tech machines. It also requires the state to provide at least one machine accessible to the disabled at each polling place.
State election officials have said part of the problem is that state requirements for voting machines are stricter than federal ones.
The plan submitted Friday doesn't say what kind of machines New York would use to comply with HAVA, but [election board spokesman, Lee] Daghlian said none of the touch-screen machines currently on the market meet state standards.
(similar AP story in Newsday)
Permalink:
http://wedonotconsent.blogspot.com/2008/01/from-around-world-inherent-uncertainty.html
Labels: 9/11, ACLU, AP, Benazir Bhutto, Existential Cowboy, fascism, Fox News, Hank Sims, inherent uncertainty, Larry Glass, Manchuran Nation, New York Times, Newsday, Rob Arkley, The Journal
Thursday, December 20, 2007
NY Judge Threatens To Jail NY Board of Elections (Was He Just Kidding?)
A quick search of Google News this morning just after 9am Humboldt Standard Time turned up this brief Newsday article posted just moments before (NOTE: the article currently at this link is an updated and much longer version):http://tinyurl.com/ynwtwo
That seems pretty heavy duty. Will members of the NY Board of Elections really be jailed? According to Election Defense Alliance attorney Jonathan Simon, who was in the Albany courtroom this morning, "the threat to jail the Board members was a rhetorical flourish, not a literal threat. It was more of the nature of, look, here is what my powers are, here is the scope of my options."
Judge says NY must comply with voting machine law by Jan. 4
12:03 PM EST, December 20, 2007
ALBANY, N.Y. - A federal judge is giving New York until Jan. 4 to comply with a federal election law to make voting more accurate and easier.
U.S. District Court Judge Gary Sharpe spent much of a court hearing Thursday expressing his disgust with the state for its failure to meet the requirements of the Help America Vote Act while every other state took action. He reminded officials several times he could jail members of the state Board of Elections for contempt of court.
If the state doesn't act by Jan. 4, Sharpe says he will consider establishing a "special master" _ perhaps Gov. Eliot Spitzer _ to force the state into compliance with the law, which was enacted after the contested 2000 presidential election.
Simon tells me the judge was clearly frustrated and angry and rejected the role of having to become involved in choosing voting systems. "The Judge wants a definitive plan as opposed to competing plans from the Republican and Democratic parties, which essentially become delay tactics. From the Judge's standpoint it is about getting it done and getting it done now. It is not about whether HAVA is good or bad or what other states are doing."
Was the hard work of the NY amici all for naught? It certainly doesn't appear to have influenced the Judge in our favor. But he didn't complete ignore us either. He took the time to slowly read the names of supporting organizations, "dealing with them in a formally respectful way," said Simon. Then adding, "but with a hint of derision."
Simon described "near-stroke" laughter from the Judge, "mocking California or Pennsylvania for trying to tell New York how it should run elections. What struck me," continued Simon, "was what he didn't get (and he had a lot on the ball) but what he didn't get was why everyone was weighing in, choosing not to acknowledge the national repercussions and why this transcended the timing or particulars of the state. To the judge it was cut and dry. He wants to see HAVA compliance and it appears and he was aligned with the DOJ argument."
Politics on the Hudson, a blog written by reporters and editors from Westchester, Rockland and Putnam counties, as well as Albany and Washington, reports that Judge Sharpe "berated state elections officials" and "said the situation makes him 'embarrassed' to be a New Yorker." The PotH article concludes:In a speech tinged with hyperbole, Sharpe asked if he needed to do what the late President Dwight D. Eisenhower did in 1957—call out the National Guard to force compliance with a federal court order. In that case, the military was sent to Little Rock, Ark., to enforce school desegregation. Black students were being blocked from entering a high school there.
So what about the copious evidence of machine failure and NY's high standards for certifying voting systems? Forgive me, but, Simon says, "The Judge doesn't care that no systems jibe with state requirements. Federal law trumps state. Federal law is preemptive. The judge is prioritizing meeting federal requirements, no matter how poorly conceived, rather than trying to satisfy state certification requirements."
"We didn’t let Little Rock, Ark., thumb its nose at the country, and we're not going to let New York thumb its nose at the country," he said.
As for what to expect next, Simon reports the Judge made a potential concession and may allow rolling compliance to occur through 2008, provided a firm plan for full compliance is in place for after that. Simon added: "NY has to come back by January 4 with a definitive plan. Since the Democrats' plan is the plan that has the most definitive time table, there was a strong urging that the plan should be modeled after the Democrats' "Zalen" plan."
Aside from what sounds like the spectacle of it all, this outcome can't really come as too much of a surprise. But it isn't the end for the work of the NY amici. The combined effort in detailing and forecasting the logistics of hand-counting paper ballots across New York will serve the election integrity movement just as pivotal reports in the past have become oft-quoted sources (i.e. Hursti Hacks, Bowen's Top To Bottom Review, etc.).
This is also a national story with a big local hook here in Humboldt. Continuing the outreach I wrote about last night, this morning I left a message for the Journal's Hank Sims (and a second one at the end of the day) and another for James Faulk at the Times-Standard. A call to T-S editor Rich Sommerville then confirmed my hunch that Faulk wasn't the reporter I should be looking for. He referred me to Kimberly Wear, who I spoke with at the end of the day, only to learn that the VCC media advisory and press release had never crossed her desk. She asked that I e-mail same and we'll see about coverage in the next few days.
While nothing in the above paragraph should be construed as awesome progress, you may say what you will about this newscast (.mp3) this afternoon on KGOE. My next call after the newspapers was Tom Sebourn, who recorded me detailing the Newsday article, the amicus brief which creates the local angle here, and finally the plug for Friday's Peter B. Collins show on which both Humboldt Registrar of Voters Carolyn Crnich and I will be appearing between 5-6pm HST. Rather than paraphrasing what I called in to tell Sebourn, he actually broadcast a lot more of the news segment in my voice and words than I would have imagined. Score.
At noon, new Voter Confidence Committee webmaster(!) Paula Long and I met with some of the members of the Redwood ACLU. Their prepared agenda included discussing support for the VCC hand-count proposal. However, certain key people were not present. While those of us in the room did discuss at length much of what I hoped would be covered, ultimately revising their draft statement was tabled until their January 17 meeting.
At the end of the day I also called the Registrar, leaving her the second message in as many days offering to touch base with her prior to the Peter B. show in order to familiarize her with the updates to the hand-count forecast tool (.xls) created in front of her eyes and now used across the country. And so it grows. I have received adapted or spin-off versions of the spreadsheet from several people in recent weeks, most recently today from Brian Rothenberger who has done a tremendously detailed analysis of hand-count needs in Monterey County, CA. If he is making it publicly available I'll post a link here soon.
UPDATE/CORRECTION 12/25 4:25pm: Sincere apologies to Brian Rothenberger. His spreadsheet was developed completely independently of mine. He was not even aware of my work at the time he developed his model, which he has not made available online at this time. While our two spreadsheets are entirely different in approach, layout, and various other aspects, what they have in common with each other and several additional forecast spreadsheets circulating in the election integrity movement is the tactic of creating quantifiable projections for hand-counting paper ballots. Should Registrars everywhere be able to do this on their own? Of course. But have they done the work? It does not appear so, particularly here in Humboldt, which is why the VCC is intent on ultimately presenting forecasts based on our Registrar's assumptions. Thanks also to Brian for suggestions now included my hand-count forecast tool (it is permanently archived there with a record of revisions embedded in comments).
Permalink:
http://wedonotconsent.blogspot.com/2007/12/ny-judge-threatens-to-jail-ny-board-of.html
Labels: ACLU, Carolyn Crnich, Election Defense Alliance, Hank Sims, James Faulk, Jonathan Simon, Judge Gary Sharpe, Paula Long, Politics on the Hudson, Rich Sommerville, US v NY Board of Elections, VCC
Wednesday, August 15, 2007
Diebold's Wobble (LTTE in the Journal)
WDNC readers know I've been closely following the Humboldt media reporting on "voting machines." Hank Sims at the Journal has been doing better than most lately and so I told him so in a letter to the editor published in this week's Journal, at newsstands as of today but not yet online (I don't think they publish letters online anyway, which is too bad). The full text is below.
One other quick note first and that's about the paper with the poorest record lately, the Eureka Times-Standard. Yesterday, along with two other members of the Voter Confidence Committee, I met with the T-S editorial board. I'll have more on that in the morning, when I'm told Thursday's paper will contain a guest opinion (My Word) column I wrote.The Journal
Permalink:
August 16, 2007
Page 4, "Mailbox"
Diebold's Wobble
Dear Editor:
These are words of encouragement for Hank Sims to continue writing about Humboldt County's election conditions. In his last two "Town Dandy" columns (Aug. 2 & 9), Sims made it real for our community that official state-sanctioned computer security experts, aka Red Team hackers, "made mincemeat of the machines, demonstrating a variety of ways to skew the vote." The machines in question are Humboldt's so-called "voting machines," optical scanners made by Diebold.
Sims succinctly summarized that our machines "could be easily jimmied and rendered inoperative." I will not stand by and let people say that all election reporting is as misleading as the Times-Standard's coverage ("County election system fares well in review," Aug. 8).
Sims has it right. He even got a sneak peak at the Voter Confidence Committee's new spreadsheet tool for creating labor, cost and time estimates for an all hand-counted election. This tool is now publicly available in conjunction with the VCC's new "Report on Election Conditions in Humboldt County." Both can be found at www.VoterConfidenceCommittee.org.
When Sims "twiddled" with the numbers, he found hand-counting "wouldn't be all that time-consuming or costly." This addresses a major misconception in the community. But for those who think having election night results is crucial, Sims also notes Secretary of State Debra Bowen's new prohibition on the use of modems to transmit precinct results to the election department headquarters, "which means that we will no longer have election night results."
Could hand-counting be faster, cheaper, and more accurate? Twiddle onward.
Dave Berman, Eureka
http://wedonotconsent.blogspot.com/2007/08/diebolds-wobble-ltte-in-journal.html
Labels: Diebold, Eureka Times-Standard, Hank Sims, The Journal, Voter Confidence Committee
Wednesday, August 08, 2007
What Have We Learned About Elections Lately?
CA Secretary of State Debra Bowen made a dramatic late-night announcement on Friday, August 3, presenting her certification decisions for the state's voting systems. Bowen completely decertified InkaVote, sold by ES&S and formerly used only in Los Angeles, because the source code was not submitted for review. All other equipment was decertified and recertified with new conditions for use, based in part on the reports (lower on same page as above link) of Bowen's Red Teams of computer security experts (see my summaries of the Diebold and Hart Intercivic reports). Some of these terms are vague or confusing, and I'll cover that in a bit.
What is clear to me is that the public is becoming more aware and more concerned about our election conditions. I have observed more people than ever having open discussions about Diebold, Bowen, and hand-counting paper ballots. More than a few people contacted me by e-mail in the past week to ask how to get involved. The increased interest in election integrity feels palpable to me.
While plentiful, Humboldt media coverage has been mixed, at best, while at other times presenting an alternate reality. On July 28, The Times-Standard gave us a headline of "Local election systems may be vulnerable to hackers" above a lede that makes clear local election systems ARE vulnerable to hackers. Today, a T-S headline read, "County election system fares well in review" - despite the Red Team reports of countless exploits found in our Diebold optical scanners.
Hank Sims had a little more on the ball in last week's Town Dandy column in the Journal: "...the hackers basically made mincemeat of the machines, demonstrating a variety of ways to skew the vote...The Red Team also verified that the optical scanning machines found at our precincts could be easily jimmied and rendered inoperative."
Having checked out the amazing calculator tool (.xls) I wrote about last week, Sims went on to address the feasibility of the Voter Confidence Committee's campaign for hand-counted paper ballots:Berman's suggestion: Ditch the machines and go to a pure hand-count of all votes cast. Initial twiddling with the numbers suggests that it wouldn't be all that time-consuming or costly -- and wouldn't you rather wait a few days and spend a little more for a trustworthy count?
I have no objection to being called "obsessive" when the same article makes my case this well. The new issue of the Journal is out but not yet online. Sims again writes about elections, referring to Bowen's "weekend massacre." The problems this will cause Humboldt are "relatively minor," says Sims, contrasting with the newly machine-less LA. True that.
However, I believe Sims understates things when saying that shoring up security for the GEMS central tabulator will merely mean "our elections office will have to change up procedure a bit." I leave it to the reader to re-trace my many prior references to the dangers of GEMS. Here I shall only point to the words from another of the reports provided to Bowen in her Top To Bottom Review (TTBR). This is from the Executive Summary of the Source Code Review of the Diebold Voting System:Vulnerability to malicious insiders
It doesn't get any more devastating than that. All the preening of Humboldt Registrar of Voters Carolyn Crnich is plainly phoney, and the media pandering to her is reprehensible. Sims gets a pass for his support of HCPB, but here is more bad journalism from the T-S ("E-voting order may have little impact here"), and without Rebecca S. Bender it seems the Eureka Reporter has gone mute on this subject, save a great letter to the editor submitted by VCC members Ruth Hoke and George Hurlburt.
The Diebold system lacks adequate controls to ensure that county workers with access to the GEMS central election management system do not exceed their authority. Anyone with access to a county's GEMS server could tamper with ballot definitions or election results and could also introduce malicious software into the GEMS server itself or into the county's voting machines.
Although we present several previously unpublished vulnerabilities, many of the weaknesses that we describe were first identified in previous studies of the Diebold system (e. g., [26], [17], [18], [19], [33], [23], and [14]). Our report confirms that many of the most serious flaws that these studies uncovered have not been fixed in the versions of the software that we studied.
Since many of the vulnerabilities in the Diebold system result from deep architectural flaws, fixing individual defects piecemeal without addressing their underlying causes is unlikely to render the system secure. Systems that are architecturally unsound tend to exhibit "weakness-in-depth"-even as known flaws in them are fixed, new ones tend to be discovered. In this sense, the Diebold software is fragile.
Due to these shortcomings, the security of elections conducted with the Diebold system depends almost entirely on the effectiveness of election procedures. Improvements to existing procedures may mitigate some threats in part, but others would be difficult, if not impossible, to remedy procedurally. Consequently, we conclude that the safest way to repair the Diebold system is to reengineer it so that it is secure by design.
What is happening is that Crnich and other Registrars throughout the state are in a highly defensive posture. Being forced to give up all their equipment would mean maximum uncertainty and the greatest amount of work. Instead, in fine CYA fashion, we see continued apologies for secret vote counting machines. You don't have to look all that closely to see the similarities in the rhetoric of Registrars and machine vendors such as Diebold. It is unconscionable that the results of Bowen's TTBR would make anyone more inclined to support "electronic voting machines." We're past the time of being surprised by such things, including the media's facilitation role. It is time we use these points against them. Ready for the first great example?
As Sims points out in his new column, Bowen has banned the use of modems for transmitting precinct results to the central tabulator. The VCC report addresses the risks of modems and obviously calls for their banishment as they are unnecessary with hand-counting. The beauty of what Sims says:"The machines will have to be physically delivered back to Elections HQ before the counting commences, which means that we will no longer have election night results."
Of course, one of the most common blusters we hear against HCPB is that it will take too long. We are now very close to having definitive proof that HCPB will be faster. The VCC continues to call upon Crnich to help us narrow down the range of estimates plugged into the calculator tool (.xls) for forecasting manpower needs and costs of hand-counting 100% of the paper ballots. And now, thanks to Sims, I believe we should hereby permanently lay to rest the canard of immediate election results being prioritized over accuracy.
Now, regarding Bowen's conditional certification of Diebold, the way she has this posted online, I'm unable to copy and paste text directly out of the document. So, here I'll just re-type brief references and encourage you to read the full document for yourself.
Page 2
"voting systems analyzed were inadequate to ensure accuracy and integrity of the election results...contain serious design flaws...which attackers could exploit to affect election outcomes...Diebold software contains vulnerabilities that could allow an attacker to install malicious software on voting machines and on the election management system, which could cause votes to be recorded incorrectly or to be miscounted, possibly altering election results...due to these shortcomings some threats would be difficult, if not impossible, to remedy with election procedures...with access only to the Windows operating system on the Diebold GEMS election management server supplied by Diebold and without requiring access to Diebold source code [Red Team members] were able to access the Diebold voting system server software and to corrupt the election management system database, which could result in manipulated voter totals or the inability to read election results, rendering an election impossible to complete electronically."
Page 3
"...without accessing Diebold source code, [Red Team members] gained access to the election management server to manipulate and corrupt the election management system database...some of these attacks could be carried out in a manner that is not subject to detection by audit, including review of the software logs."
[WDNC]: the next quote is from page four and it strikes me as contradictory and dangerously hypocritical (sorry Bowen)
Page 4
"...tampering with optical scan equipment...can be readily detected and corrected through hand counting of the optical scan paper ballots marked and directly verified by voters."
[WDNC]: First of all, this begs acceptance of the vulnerability. With various exploits described as difficult or impossible to detect, there is no justification for guaranteeing detection, let alone correction, with opscans. This puts an undue burden on the People whose rights are not being secured here, as a government is charged to do. Rules and regulations trying to promote public oversight must first clear the view with a more transparent method of counting votes.
Page 4
"...studies have shown that many voters do not review VVPAT [Voter Verified Paper Audit Trail] records and that test voters who do review VVPAT records to not detect many discrepancies that have been intentionally introduced..."
Page 5
"In order to provide accessible balloting to voters with disabilities in compliance with HAVA, jurisdictions may use no more than once AccuVote-TSx per polling place on Election Day."
[WDNC]: This refers to the touch screen models, not used in Humboldt. Registrars have been complaining about this and it is easy to understand why. They are either going to have massive logjams of voters all trying to vote on one machine where there used to be several or many, or they will urgently have to buy many new optical scanners, or they will have to resort to hand-counting.
Page 5
Requires "a 100% manual count of all votes cast on an AccuVote-TSx."
[WDNC]: This is astounding. Hand-counting 100% of the votes defeats the purpose of having the machine count them. My assumption is that Bowen's is trying to discourage use of the touch screen machines and so the hope would be for relatively few votes cast this way in need of being hand-counted.
Page 6
"Before any use in the February 5, 2008, Presidential primary election, jurisdictions must reinstall all software and firmware (including reformatting all hard disk drives and reinstalling the operating system where applicable) on all election management system servers and workstations, voting devices and hardware components of the voting system. Voting system application software must be reinstalled using the currently approved version obtained directly from the federal testing laboratory or the Secretary of State."
Page 7
"Within 30 days of the date of this document, the vendor must develop and submit to the Secretary of State for approval, a plan and procedures for timely identification of required security updates (e.g., operating system security patches, security software updates, etc), vendor testing of the updates, and secure distribution and application of vendor-approved security updates."
[WDNC]: Why should we have confidence in the machines in their newly approved form when the expectation is that more security flaws will be found? Avi Rubin makes a similar observation. This page also inexplicably allows for networking, though it does have the modem prohibition. It also makes reference to the two-person rule which I believe goes back to the Feb. 2006 VSTAAB report, which recommends that optical scanners and memory cards never be in anyone's sole possession. This would seem to preclude sleepovers, however, page 9 seems to allow poll workers to take home machines prior to Election Day.
Page 8
"Upon request, members of the public must be permitted to observe and inspect, without physical contact, the integrity of all externally visible security seals used to secure voting equipment in a time and manner that does not interfere with the conduct of the election or the privacy of any voter."
[WDNC]: This is looks great on paper but we've seen Registrars plainly obstruct the access of citizens to their Democracy. This should carry a severe criminal penalty. Page 8 also requires posting of poll tapes, another apparent victory that in reality carries no weight. As the VCC learned last November, precinct poll tapes are useless when the County never provides as a basis for comparison raw precinct scanner data that has not been combined with absentee or other ballots not cast on the scanner in the precinct on Election Day.
Page 8
"Any post-election auditing requirements imposed as a condition of this certification shall be paid for by the vendor. Jurisdiction users are required to conduct the audits and the vendor is required to reimburse the jurisdiction."
[WDNC]: I'm getting near the end now. Just a few more stray notes, such as page 9 continuing the requirement (begun under McPherson?) that counties submit a post-election problem report to the SoS. Page 10 describes how to deal with machines whose security has been compromised, and also machines that have been rebooted or which have rebooted themselves. The bottom of page 11 and the top of page 12 is a bit troublesome. It attempts to put vendors on the hook for warrantying their equipment, but all it really does is say they have to stand by their word and repair equipment at their expense when they have been caught lying again. This is not nearly strict enough. Finally, page 12 expands the requirement for vendors to give the SoS a copy of the source code, in addition to placing a copy in escrow.
So, what have we learned about elections lately?
Permalink:
http://wedonotconsent.blogspot.com/2007/08/what-have-we-learned-about-elections.html
Labels: Carolyn Crnich, Debra Bowen, Diebold, Eureka Reporter, Eureka Times-Standard, hand-counting paper ballots, Hank Sims, The Journal, Voter Confidence Committee, VSTAAB
Monday, July 30, 2007
Bowen Review Lights Up Humboldt Media
Following up on Friday night's post (Bowen's Red Team Compromises Each Voting System Tested) where I excerpted from the Diebold report, (much later) tonight I will present several items from the Hart Intercivic report, which also has relevance here in Humboldt. But first, a check of the local media.
The Eureka Times-Standard was first out of the gate on Saturday morning (archive). There are two things I have to point out about this article. The story's lede, sets the stage:Local election systems may be vulnerable to hackers
I don't know that Faulk could have written a more straight up or accurate intro to this story. It makes it clear that hackers ARE able to hack into Humboldt voting systems. Then why does the headline say merely that the machines MAY be vulnerable to hackers?
James Faulk/The Times-Standard
Article Launched: 07/28/2007 04:21:31 AM PDT
EUREKA -- A team of University of California computer scientists were able to hack into several voting systems used by California counties, including the two systems currently used in Humboldt County, the secretary of state announced Friday.
The second comment I have about this article pertains to the last two paragraphs:Humboldt County Registrar of Voters Carolyn Crnich said it's unclear under what conditions the tests were prepared.
As I noted in the comments on the T-S website, the introduction of this report dismisses the Registrar's dodge:
"It's my understanding that the red team attacks that were made during the top-to-bottom review did not take into consideration the security efforts or guidelines that had been added by former Secretary of State Bruce McPherson -- so whether or not the systems could be penetrated with those other security guidelines in place, I don't know," Crnich said.In developing our attacks, we made no assumptions about constraints on the attackers. "Security through obscurity" – or the practice of assuming a veneer of security by relying on attackers not having access to protocol specifications or of using tools that are perceived to be difficult to acquire – is not an acceptable option for any system that can't afford to have its security compromised. Our study examined what a dedicated attacker could accomplish with all possible kinds of access.
Quoting myself from the T-S site...The greatest threat to our election systems comes not from an individual voter, but rather from insiders at the elections department or working for the machine vendor (Diebold). These are the people with the greatest access to these exploits who can secretly make large scale changes that will never be detected...I go on to say some other things but that's the gist for this post.
Now, the next article to land will be in Tuesday's Eureka Reporter. The story has been online for maybe an hour now. It is kind of strange. There is no byline and I'm the only person quoted other than a Bowen press release. The headline is: "Audit standards review group releases report." This refers to yet another component of Bowen's Top To Bottom Review (TTBR). Check out the 38-page report as a .pdf here. This article is comprised almost entirely of excerpts from the report and then concludes with quotes from me.
I believe the person who called me said her name was Laura. She sounded young and a little uncertain. She told me former elections beat writer Rebecca S. Bender had left the paper as of Friday last week. I knew about this because a few months ago at an Election Advisory Committee meeting, David Cobb inadvertently "outed" Rebecca's planned departure before she really wanted people to know. I had no reason to mention it until now but I do wish her well. So anyway, Laura asked for a comment on this new standards review report that came out today. I declined to comment since I hadn't read it. She then asked about the other related reports and we had a more general conversation about what is happening. Here's what she used:Though he had not yet seen the report, Dave Berman, one of the founding members of the local Voter Confidence Committee, said he is aware that other studies have been conducted recently regarding the voting process in California, and said he looks forward to Bowen's announcement on Friday as to what action she plans to take.
It seemed out of place at the end of this article but then I'm not sure I've ever had a better quote!
Berman said the Voter Confidence Committee promotes the idea of handcounting 100 percent of the ballots the first time around and recounting 10 percent for the audit. He said simply increasing the percentage recounted in the audit is like "putting a Band-Aid on a gunshot wound" when the first count is performed by machines.
Hank Sims from The Journal and also KHUM called me today too, presumably for his Town Dandy column due out on Wednesday. We actually spoke twice, and in between he spoke with Registrar Crnich. That made our second chat very interesting. During that time he also got to look at something I am now making public for the first time.
This is a spreadsheet that allows you to enter different variables, such as how many precincts are in your county and the average number of ballots cast per precinct. All together, the numbers you enter will then estimate how many ballot counters you need and what it will cost to pay them to do an all hand-count election. The Voter Confidence Committee will be incorporating this great new tool into the next iteration of our Report on Election Conditions in Humboldt County, CA. I don't know when that will happen. Meanwhile, election integrity advocates working for HCPB anywhere will find this tool useful. We all owe a debt of gratitude to Nancy Tobi and Democracy For New Hampshire. It is their recent presentation that provided me with the formula for creating the calculator. [NOTE: The presentation was actually made by NH Assistant Secretary of State Anthony Stevens – WNDC regrets the error.]
I have a feeling that after I've heard from a few people about the calculator I'll probably want to make it the centerpiece of another post instead of burying this announcement 80,000 paragraphs under the sea. At any rate, back to Hank Sims.
He asked me if I felt vindicated by these new reports. I told him I would not use that word. It suggests I had previously been thought wrong but now stand affirmed. The truth is that the findings of Bowen's TTBR explicitly state that previous exploits were again confirmed. Anybody coming around to these findings of fact really can't plausibly explain previously thinking otherwise.
Sims informed me that Registrar Crnich took a position with him that was similar to the one she took in the T-S piece above. Having already addressed this once, I realized it wasn't just sounding familiar from the Registrar. Moments before I got the first Sims call, I was looking at a document I had just received from the indefatigable Tom Courbat of Sav-R-Vote in Riverside County, CA. Click here for "the corporate line" by Sequoia, attempting to explain away all the findings of Bowen's Red Team members. I never did finish reading it, but its "those aren't the droids you're looking for" tone pretty much parallels what our Registrar was trying to pull off.
Plain and simple: there is no way to spin these reports to make the machines look good. Their time has passed. We've reached a tipping point of public consciousness where secret vote counting machines are completely unacceptable and public officials who continue to defend them do so at the risk of their own credibility.
Finally, as promised at the beginning of this marathon post, here are excerpts from Bowen's Red Team report on Hart Intercivic. These first two passages are identical to wording in the Diebold report. There are several other passages in common.page 1
In developing our attacks, we made no assumptions about constraints on the attackers. "Security through obscurity" – or the practice of assuming a veneer of security by relying on attackers not having access to protocol specifications or of using tools that are perceived to be difficult to acquire – is not an acceptable option for any system that can't afford to have its security compromised Our study examined what a dedicated attacker could accomplish with all possible kinds of access.
p.10
Our study was constrained by the short time allowed. The vulnerabilities identified in this report should be regarded as a minimal set of vulnerabilities. (emphasis in original)
p.11
The Red Team, working in close conjunction with the 2007 TTBR Hart Source Code Team, discovered that the Hart EMS software implicitly trusts all communication coming from devices appearing to be Hart-branded and neither authenticates the devices nor performs adequate input validation on data transmitted to it by the devices. This allows for the possibility that a compromised device, such as an eScan that had been tampered with at a polling station, could infect the EMS systems. In particular, the Source Code Team discovered a weakness in the code that would allow an eScan to perform a buffer overflow attack and execute arbitrary code on the computer running SERVO.
...
The team was also able to access device-level menus that should be locked with passwords but were not. This access could allow an attacker a vector for altering configuration settings and/or executing a denial of service on the eScan.
Some of the findings from previous studies on precinct count optical scanners were replicated on the eScan, and they allowed the Red Team to maliciously alter vote totals with the potential to affect the outcome of an election. These attacks were low-tech and required tools that could be found in a typical office.
The Red Team implemented an attack devised by the 2007 TTBR Hart Source Code Team that was able to extract election-sensitive information from the eScan and issue administrative commands to the eScan. The leaked information would allow an attacker the ability to execute further attacks, while administrative commands issued to the eScan could erase electronic vote totals and audit records from an eScan while putting it out of service for the remainder of the Election Day. For more details on these attacks, please see the 2007 TTBR Hart Source Code Team report.
3. JBC
The Red Team verified previous findings on the JBC regarding access code generation and also discovered that a surreptitious device could issue commands that caused the JBC to authorize access codes. If the JBC is in early voting mode, it will not print receipts for the access codes issued. If the JBC is in regular election mode, it prints a receipt each time an access code is issued. When in early voting mode, an attacker could attach the surreptitious device to the JBC. (Note: the surreptitious device is easily concealable in one hand.) After waiting for about a minute, while all possible access codes are issued, the attacker could then proceed to cast multiple ballots using any access codes.
Additionally, the team expanded on previous findings that the MBB in the JBC is vulnerable to tampering during an election. Extracting the MBB from within the JBC during an election and tampering with it without detection would probably require poll worker access, but the team was able to prove that this access would be sufficient to alter vote totals – and in such a manner that it would not be detected in the course of normal operation, though a very thorough audit might reveal it. Furthermore, the team found that post-election MBB tampering safeguards (by which we mean only the technological safeguards, not procedural safeguards such as the use of tamper-evident seals) are insufficient to guarantee that such tampering would be detected. Thus, the team is confident that post-election MBB tampering would succeed in many, if not all, instances.
Finally, the Red Team collaborated with the 2007 TTBR Hart Source Code Team to decode the protocol used for communication between the JBC and eSlates. This protocol does not authenticate the devices on the bus (the communication line), so all communication is considered trusted. The teams were able to intercept the communication, but they were unable to get an exploit working to interrupt or manipulate the communication; this, again, was due to time constraints. Full details of this work can be found in the 2007 TTBR Hart Source Code Team report. The teams are confident that, given more time, they could craft a device that could maliciously alter vote totals and violate voter privacy.
p.14
IV. Successful Attack Scenarios
The following attack scenarios were successfully carried out in the laboratory environment of the Secretary of State’s testing facility.
1. Attack Scenario 1
In this scenario, a malicious voter prepares a surreptitious device and brings it with her to the polling station during early voting. She registers as usual and is issued an access code. Before she leaves the registration table, however, she quickly connects her device to the JBC and converses with the poll workers for a brief time—thirty to forty seconds should suffice. She proceeds to an eSlate and casts a ballot normally. She then enters arbitrary access codes and casts ballots at will, continuing to do this for as long as she suspects she will be unchallenged in the voting booth, casting an arbitrary number of ballots. This results in an electronic ballot box stuffing attack.
In an early voting situation, when the JBC doesn't print out a ballot access receipt each time an access code is issued, the Polls Suspended Report (automatically printed by the JBC) will indicate an unusually large number of access codes issued and more ballots cast than voters who checked in at the registration desk when polling concludes. In regular election mode, this problem would likely be detected much sooner, since the JBC is designed to print a ballot access receipt each time an access code is issued by the machine.
2. Attack Scenario 2
In this scenario, a malicious poll worker finds an opportunity after the close of polls to alter the contents of the MBB using his personal laptop. The attacker identifies ballots containing votes for a candidate he doesn't want to win the election and overwrites those ballots with records containing votes for a candidate he does want to be successful. After tampering with the MBB, the attacker replaces it in the expected chain of custody. The technological safeguards for detecting this tampering are insufficient and can, by default, go unobserved. This results in altered vote totals that can only be detected in the event of a manual recount of eSlate VVPAT records.
3. Attack Scenario 3
In this scenario, a malicious observer uses a remote device to capture the audio narration – including the narration associated with a voter's actual voted ballot – from an eSlate with audio capabilities. She is able to observe voters walking up to the eSlate and match them to the audio narration she is capturing, allowing her to violate a voter's right to privacy by linking voters to their vote selections.
...
p. 16
VI. Conclusions
Although the Red Team did not have time to finish exploits for all of the vulnerabilities we discovered, nor to provide a complete evaluation of the Hart voting system (System 6.2.1), we were able to discover attacks for the Hart system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that – absent procedural mitigation strategies – can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.
Permalink:
http://wedonotconsent.blogspot.com/2007/07/bowen-review-lights-up-humboldt-media.html
Labels: Debra Bowen, Diebold, Eureka Reporter, Eureka Times-Standard, Hank Sims, Hart Intercivic, James Faulk, KHUM, Rebecca S. Bender, The Journal, Voter Confidence Committee
