January 31, 2004

TODAY'S EDITORIALS

How to Hack an Election

Concerned citizens have been warning that new electronic voting technology being rolled out nationwide can be used to steal elections. Now there is proof. When the State of Maryland hired a computer security firm to test its new machines, these paid hackers had little trouble casting multiple votes and taking over the machines' vote-recording mechanisms. The Maryland study shows convincingly that more security is needed for electronic voting, starting with voter-verified paper trails.

When Maryland decided to buy 16,000 AccuVote-TS voting machines, there was considerable opposition. Critics charged that the new touch-screen machines, which do not create a paper record of votes cast, were vulnerable to vote theft. The state commissioned a staged attack on the machines, in which computer-security experts would try to foil the safeguards and interfere with an election.

They were disturbingly successful. It was an "easy matter," they reported, to reprogram the access cards used by voters and vote multiple times. They were able to attach a keyboard to a voting terminal and change its vote count. And by exploiting a software flaw and using a modem, they were able to change votes from a remote location.

Critics of new voting technology are often accused of being alarmist, but this state-sponsored study contains vulnerabilities that seem almost too bad to be true. Maryland's 16,000 machines all have identical locks on two sensitive mechanisms, which can be opened by any one of 32,000 keys. The security team had no trouble making duplicates of the keys at local hardware stores, although that proved unnecessary since one team member picked the lock in "approximately 10 seconds."

Diebold, the machines' manufacturer, rushed to issue a self-congratulatory press release with the headline "Maryland Security Study Validates Diebold Election Systems Equipment for March Primary." The study's authors were shocked to see their findings spun so positively. Their report said that if flaws they identified were fixed, the machines could be used in Maryland's March 2 primary. But in the long run, they said, an extensive overhaul of the machines and at least a limited paper trail are necessary.

The Maryland study confirms concerns about electronic voting that are rapidly accumulating from actual elections. In Boone County, Ind., last fall, in a particularly colorful example of unreliability, an electronic system initially recorded more than 144,000 votes in an election with fewer than 19,000 registered voters, County Clerk Lisa Garofolo said. Given the growing body of evidence, it is clear that electronic voting machines cannot be trusted until more safeguards are in place.

Copyright 2004 The New York Times Company

Unfortunately this was the best way they could think for the US troops in Iraq to vote in the elections. They are probably not going to do it because of security concerns. Does anyone know if the troops will still be able to vote somehow?

This is a great site concerning digital voter fraud:

http://www.blackboxvoting.org/

The creator of the site, and various other liberal activists sites, got sued by Diebold for releasing an internal memo exposing their voting machines weaknesses. Diebold claimed that publishing the memo was unfair use of their material without their consent (copyright violation).

IT'S NOT RIGHT THAT THEY USE OUR FAULTY DESIGNS FOR THEIR PROFIT!!!!

OUR MISTAKES ARE COPYRIGHTED!!!!!!

:P

February 7, 2004

Electronic Voting: Not Ready for Prime Time (3 Letters)

To the Editor:

Re "How to Hack an Election" (editorial, "Making Votes Count" series, Jan. 31):

Insecure voting machines undermine every American's faith in our democracy. Immediate action must be taken to prevent a repeat of the 2000 presidential election.

But simply requiring a voter-verified paper trail on electronic voting machines is a dangerously naïve solution.

If the machines are so easy to hack into, what would prevent someone from changing the software so that the machine prints out a vote for one candidate and records electronically a vote for the other?

It is obvious that electronic voting machines are not yet ready for use in a national election. Technologies like the simple paper ballot have sufficed for centuries, and can do so for a few more years.

Safeguarding our democracy is paramount. I, like most Americans, am not yet willing to entrust our democracy to voting machines whose security is so remarkably sub-par.

CONOR K. GATELY
Middletown, Conn., Jan. 31, 2004

•

To the Editor:

I know of no better way to undermine democracy than to adopt a computerized voting system in which people have no confidence ("How to Hack an Election," editorial, Jan. 31).

Let the computer industry eliminate the possibility of hacking. Then it can sell computerized voting. The same people who can steal your identity can steal your vote.

P. L. ADOMEIT
Springfield, Mass., Jan. 31, 2004

•

To the Editor:

Re "How to Hack an Election" (editorial, "Making Votes Count" series, Jan. 31):

Have you ever agreed to arrive at a decision by the toss of a coin?

How would it be if the person doing the tossing also does the catching, slaps it on the back of his hand, and then proclaims that chance has favored him, without giving you the opportunity of seeing the proof?

"Electronic voting" without a paper trail is the same thing.

DANIEL P. QUINN
St. Petersburg, Fla., Feb. 5, 2004

Copyright 2004 The New York Times Company

May 23, 2004

Demand Grows to Require Paper Trails for Electronic Votes

By KATHARINE Q. SEELYE

WASHINGTON, May 22 - A coalition of computer scientists, voter groups and state officials, led by California's secretary of state, Kevin Shelley, is trying to force the makers of electronic voting machines to equip those machines with voter-verifiable paper trails.

Following the problems of the 2000 election in Florida, a number of states and hundreds of counties rushed to dump their punch card ballot systems and to buy the electronic touch screens. Election Data Services, a consulting firm that specializes in election administration, estimates that this November 50 million Americans - about 29 percent of the electorate - may be voting on touch screens, up from 12 percent in 2000.

But in the last year election analysts have documented so many malfunctions, including the disappearance of names from the ballot, and computer experts have shown that the machines are so vulnerable to hackers, that critics have organized to counter the rush toward touch screens with a move to require paper trails.

Paper trails - ballot receipts - would let voters verify that they had cast their votes as they intended and let election officials conduct recounts in close races.

Not everyone agrees that paper trails are necessary, or even advisable. Numerous local election officials - the ones who actually conduct elections - argue that paper trails could create worse problems than the perceived ones that they are intended to cure. They warn of paper jams, voter confusion and delays in the voting booth while voters read their receipts.

There are no national standards to help resolve the disputes. The federal commission that Congress created after 2000 to guide states is behind schedule, and the research body that was supposed to set standards for November 2004 has not even been appointed. So states, prompted by voter organizations, are taking matters into their own hands.

Nevada, which is using touch screens in all its voting precincts this November, has become the first state to require the manufacturer to attach printers in time for Election Day.

California is requiring voter-verified paper trails for any electronic machines that counties in the state buy after November; for this November, it has banned touch-screen machines unless counties meet certain security standards. Three counties are suing the state to overturn the ban and a fourth has said it plans to use the touch screens anyway.

Mr. Shelley said he was requiring counties to allow voters to vote on paper if they wanted to, even if there were no apparent problems with the touch screens. "It's a voter-confidence issue," he said in an interview. "It should be a no-brainer."

More than a dozen other states are considering legislation to require paper backups, and Congress, which had left the matter on the back burner, is considering several similar proposals.

"People are demanding this," said Representative Rush D. Holt, a New Jersey Democrat who has introduced a bill to require that by November, all voters be able to cast ballots that they can verify. This would entail either retrofitting touch screens with printers or requiring a county to go back to a paper-based system like optical-scan equipment or even punch cards.

Election groups, spurred to organize after a report last July from computer security experts at Johns Hopkins University warned of touch-screen pitfalls, have encouraged a voter revolt. During the primaries this spring, groups like the Campaign for Verifiable Voting urged thousands of voters in various states to cast paper ballots rather than use touch screens without paper trails.

Unfortunately for voters in Maryland who followed that suggestion, though, local officials ruled that those paper ballots were invalid and did not count them.

"The Maryland primary was a very instructive learning experience for all activists," said Kim Alexander, president and founder of the California Voter Foundation, a grass-roots watchdog group in Sacramento that is helping to organize voter groups across the country.

"There are movements in a lot of states, and we're sharing information," she said. She said she took it as a mark of success that 75 percent of the voting jurisdictions in the country will be using the same equipment in November as they used in 2000.

"I'd rather have voters vote on punch cards than on an electronic system that can't be verified," she said.

Ohio is the latest state to hit the paper trail. Earlier this month, Gov. Bob Taft, a Republican, signed legislation requiring all counties to have paper trails with their touch-screen machines by November 2006. But the law also allows counties to use the machines this November without paper trails.

Some officials, like state Senator Teresa Fedor, Democrat of Toledo, said this made no sense. If a paper trail is so important, she asked, why should voters go through even one election without them - especially in a state where the presidential vote could be close. She successfully argued to the Legislature that Ohio counties should be able to postpone buying the machines. "There are too many concerns for us to keep a blind eye," she said.

As a result, elections boards in 31 counties are debating whether to postpone their purchases. Since Governor Taft signed the bill, 18 have voted to wait.

"Ohio is the big struggle state right now," said Will Doherty, executive director of VerifiedVoting.org, a group advocating for paper trails.

Doug Chapin of Electionline.org, a clearinghouse for election information set up by the Pew Charitable Trust, said that Ohio was "rolling the dice" to see whether paper trails were necessary.

"You can either build a fence around a cliff or put an ambulance in the valley," he said. "The paper trail is the ambulance in the valley. Certifying the machines and testing them in the first place to make sure they are secure is the fence around the cliff."

But even as some states clamor for paper trails, machines equipped to provide them are scarce.

David L. Dill, a professor of computer science at Stanford University and founder of VerifiedVoting.org, said that models with paper trails had been tested in only a few counties. And a handful of small manufacturers provide them.

Officials from several large manufacturers have said that they could produce paper trails if they were required to, but they have so far resisted, arguing that they are unnecessary.

If more jurisdictions require them, though, vendors want to be first in line for the potentially lucrative contracts. Should a big state like New York, for example, which is considering making paper trails mandatory, joins California, the industry could probably gear up quickly.

Howard Cramer, vice president for sales at Sequoia Voting Systems, which is providing Nevada with its touch screens and printers, said that the company had no worries about the security and accuracy of its touch screens. He said he saw putting printers in Nevada as a useful experiment because other jurisdictions will require them, although he said he expected voters to become so comfortable with touch screens that they would soon drop the fad for paper trails.

Copyright 2004 The New York Times Company

May 30, 2004

IDEA LAB

A Really Open Election

By CLIVE THOMPSON

http://graphics7.nytimes.com/images/2004/05/28/magazine/30essay.184.jpg

This fall, as many as 20 percent of American voters will be able to cast their ballots on A.T.M.-style electronic voting machines. But to put it mildly, these machines -- where you simply touch a screen and a computer registers your vote -- have not inspired much confidence lately. North Carolina officials recently learned that a software glitch destroyed 436 e-ballots in early voting for the 2002 general election. In a Florida state election this past January, 134 votes apparently weren't recorded -- and this was in a race decided by a margin of only 12 votes. Since most of the machines don't leave any paper trail, there's no way to determine what actually happened. Most alarmingly, perhaps, California's secretary of state recently charged that Diebold -- the industry leader -- had installed uncertified voting machines and then misled state officials about it.

Electronic voting has much to offer, but will we ever be able to trust these buggy machines? Yes, we will -- but only if we adopt the techniques of the ''open source'' geeks.

One reason it's difficult to trust the voting software of companies like Diebold is that the source code remains a trade secret. A few federally approved software experts are allowed to examine the code and verify that it works as intended, and in some cases, states are allowed to keep a copy in escrow. But the public has no access, and this is troublesome. When the Diebold source code was accidentally posted online last year, a computer-science professor looked at it and found it was dangerously hackable. Diebold may have fixed its bugs, but since the firm won't share the code publicly, there's no way of knowing. Just trust us, the company says.

But is the counting of votes -- a fundamental of democracy -- something you want to take on faith? No, this problem requires a more definitive solution: ending the secrecy around the machines.

First off, the government should ditch the private-sector software makers. Then it should hire a crack team of programmers to write new code. Then -- and this is the crucial part -- it should put the source code online publicly, where anyone can critique or debug it. This honors the genius of the open-source movement. If you show something to a large enough group of critics, they'll notice (and find a way to remove) almost any possible flaw. If tens of thousands of programmers are scrutinizing the country's voting software, it's highly unlikely a serious bug will go uncaught. The government's programming team would then take the recommendations, incorporate them into an improved code and put that online, too. This is how the famous programmer Linus Torvalds developed his Linux operating system, and that's precisely why it's so rock solid -- while Microsoft's secretly developed operating systems, Linux proponents say, crash far more often and are easier to hack. Already, Australians have used the open-source strategy to build voting software for a state election, and it ran like a well-oiled Chevy. A group of civic-minded programmers known as the Open Voting Consortium has written its own open-source code.

But if our code were open, wouldn't cyberterrorists or other outlaws be able to locate flaws and possibly rig an election? Well, theoretically -- except that it's highly unlikely that they could spot an error that escaped thousands and thousands of scrutineers. Indeed, it may be far easier to infiltrate a private-sector company and tamper with its software. Diebold, after all, kept quiet about the bugs it found in its programs -- including one that subtracted more than 16,000 votes from Al Gore in a single Florida country during the initial vote counting in the 2000 election. Open-source enthusiasts, by contrast, are precisely the sort of people you'd like to see inspecting the voting code; they're often libertarian freaks, nuttily suspicious of centralized power, and they'd scream to the high heavens if they found anything wrong.

From the classification of documents to the refusal to name detainees, the Bush administration's actions show a high regard for secrecy. In essence, it's hiding its code, too. Inside such closed systems, nasty things can happen, as we're learning to our chagrin. Perhaps a blast of open-source candor is exactly what America needs right now.

Clive Thompson writes frequently for the magazine about science and technology.

Copyright 2004 The New York Times Company

May 30, 2004

MAKING VOTES COUNT

Who Tests Voting Machines?

Whenever questions are raised about the reliability of electronic voting machines, election officials have a ready response: independent testing. There is nothing to worry about, they insist, because the software has been painstakingly reviewed by independent testing authorities to make sure it is accurate and honest, and then certified by state election officials. But this process is riddled with problems, including conflicts of interest and a disturbing lack of transparency. Voters should demand reform, and they should also keep demanding, as a growing number of Americans are, a voter-verified paper record of their vote.

Experts have been warning that electronic voting in its current form cannot be trusted. There is a real danger that elections could be stolen by nefarious computer code, or that accidental errors could change an election's outcome. But state officials invariably say that the machines are tested by federally selected laboratories. The League of Women Voters, in a paper dismissing calls for voter-verified paper trails, puts its faith in "the certification and standards process."

But there is, to begin with, a stunning lack of transparency surrounding this process. Voters have a right to know how voting machine testing is done. Testing companies disagree, routinely denying government officials and the public basic information. Kevin Shelley, the California secretary of state, could not get two companies testing his state's machines to answer even basic questions. One of them, Wyle Laboratories, refused to tell us anything about how it tests, or about its testers' credentials. "We don't discuss our voting machine work," said Dan Reeder, a Wyle spokesman.

Although they are called independent, these labs are selected and paid by the voting machine companies, not by the government. They can come under enormous pressure to do reviews quickly, and not to find problems, which slow things down and create additional costs. Brian Phillips, president of SysTest Labs, one of three companies that review voting machines, conceded, "There's going to be the risk of a conflict of interest when you are being paid by the vendor that you are qualifying product for."

It is difficult to determine what, precisely, the labs do. To ensure there are no flaws in the software, every line should be scrutinized, but it is hard to believe this is being done for voting software, which can contain more than a million lines. Dr. David Dill, a professor of computer science at Stanford University, calls it "basically an impossible task," and doubts it is occurring. In any case, he says, "there is no technology that can find all of the bugs and malicious things in software."

The testing authorities are currently working off 2002 standards that computer experts say are inadequate. One glaring flaw, notes Rebecca Mercuri, a Harvard-affiliated computer scientist, is that the standards do not require examination of any commercial, off-the-shelf software used in voting machines, even though it can contain flaws that put the integrity of the whole system in doubt. A study of Maryland's voting machines earlier this year found that they used Microsoft software that lacked critical security updates, including one to stop remote attackers from taking over the machine.

If so-called independent testing were as effective as its supporters claim, the certified software should work flawlessly. But there have been disturbing malfunctions. Software that will be used in Miami-Dade County, Fla., this year was found to have a troubling error: when it performed an audit of all of the votes cast, it failed to correctly match voting machines to their corresponding vote totals.

If independent testing were taken seriously, there would be an absolute bar on using untested and uncertified software. But when it is expedient, manufacturers and election officials toss aside the rules without telling the voters. In California, a state audit found that voters in 17 counties cast votes last fall on machines with uncertified software. When Georgia's new voting machines were not working weeks before the 2002 election, uncertified software that was not approved by any laboratory was added to every machine in the state.

The system requires a complete overhaul. The Election Assistance Commission, a newly created federal body, has begun a review, but it has been slow to start, and it is hamstrung by inadequate finances. The commission should move rapidly to require a system that includes:

Truly independent laboratories. Government, not the voting machine companies, must pay for the testing and oversee it.

Transparency. Voters should be told how testing is being done, and the testers' qualifications.

Rigorous standards. These should spell out in detail how software and hardware are to be tested, and fix deficiencies computer experts have found.

Tough penalties for violations. Voting machine companies and election officials who try to pass off uncertified software and hardware as certified should face civil and criminal penalties.

Mandatory backups. Since it is extremely difficult to know that electronic voting machines will be certified and functional on Election Day, election officials should be required to have a nonelectronic system available for use.

None of these are substitutes for the best protection of all: a voter-verified paper record, either a printed receipt that voters can see (but not take with them) for touch-screen machines, or the ballot itself for optical scan machines. These create a hard record of people's votes that can be compared to the machine totals to make sure the counts are honest. It is unlikely testing and certification will ever be a complete answer to concerns about electronic voting, but they certainly are not now.

Copyright 2004 The New York Times Company

so long democracy.

so long democracy.

Why HELLO big brother!!!!!


(Remember to smile at the screen while posting!!!!)

June 13, 2004

MAKING VOTES COUNT

Gambling on Voting

If election officials want to convince voters that electronic voting can be trusted, they should be willing to make it at least as secure as slot machines. To appreciate how poor the oversight on voting systems is, it's useful to look at the way Nevada systematically ensures that electronic gambling machines in Las Vegas operate honestly and accurately. Electronic voting, by comparison, is rife with lax procedures, security risks and conflicts of interest.

On a trip last week to the Nevada Gaming Control Board laboratory, in a state office building off the Las Vegas Strip, we found testing and enforcement mechanisms that go far beyond what is required for electronic voting. Among the ways gamblers are more protected than voters:

1. The state has access to all gambling software. The Gaming Control Board has copies on file of every piece of gambling device software currently being used, and an archive going back years. It is illegal for casinos to use software not on file. Electronic voting machine makers, by contrast, say their software is a trade secret, and have resisted sharing it with the states that buy their machines.

2. The software on gambling machines is constantly being spot-checked. Board inspectors show up unannounced at casinos with devices that let them compare the computer chip in a slot machine to the one on file. If there is a discrepancy, the machine is shut down, and investigated. This sort of spot-checking is not required for electronic voting. A surreptitious software change on a voting machine would be far less likely to be detected.

3. There are meticulous, constantly updated standards for gambling machines. When we arrived at the Gaming Control Board lab, a man was firing a stun gun at a slot machine. The machine must work when subjected to a 20,000-volt shock, one of an array of rules intended to cover anything that can possibly go wrong. Nevada adopted new standards in May 2003, but to keep pace with fast-changing technology, it is adding new ones this month.

Voting machine standards are out of date and inadequate. Machines are still tested with standards from 2002 that have gaping security holes. Nevertheless, election officials have rushed to spend hundreds of millions of dollars to buy them.

4. Manufacturers are intensively scrutinized before they are licensed to sell gambling software or hardware. A company that wants to make slot machines must submit to a background check of six months or more, similar to the kind done on casino operators. It must register its employees with the Gaming Control Board, which investigates their backgrounds and criminal records.

When it comes to voting machine manufacturers, all a company needs to do to enter the field is persuade an election official to buy its equipment. There is no way for voters to know that the software on their machines was not written by programmers with fraud convictions, or close ties to political parties or candidates.

5. The lab that certifies gambling equipment has an arms-length relationship with the manufacturers it polices, and is open to inquiries from the public. The Nevada Gaming Control Board lab is a state agency, whose employees are paid by the taxpayers. The fees the lab takes in go to the state's general fund. It invites members of the public who have questions about its work to call or e-mail.

The federal labs that certify voting equipment are profit-making companies. They are chosen and paid by voting machine companies, a glaring conflict of interest. The voters and their elected representatives have no way of knowing how the testing is done, or that the manufacturers are not applying undue pressure to have flawed equipment approved. Wyle Laboratories, one of the largest testers of voting machines, does not answer questions about its voting machine work.

6. When there is a dispute about a machine, a gambler has a right to an immediate investigation. When a gambler believes a slot machine has cheated him, the casino is required to contact the Gaming Control Board, which has investigators on call around the clock. Investigators can open up machines to inspect their internal workings, and their records of recent gambling outcomes. If voters believe a voting machine has manipulated their votes, in most cases their only recourse is to call a board of elections number, which may well be busy, to lodge a complaint that may or may not be investigated.

Election officials say their electronic voting systems are the very best. But the truth is, gamblers are getting the best technology, and voters are being given systems that are cheap and untrustworthy by comparison. There are many questions yet to be resolved about electronic voting, but one thing is clear: a vote for president should be at least as secure as a 25-cent bet in Las Vegas.

Copyright 2004 The New York Times Company

July 23, 2004

Insurance for Electronic Votes

This November, millions of voters will use electronic voting machines of questionable reliability. The election is by now too near for the sort of major overhaul that electronic voting requires. But there is still time for states and localities to protect the integrity of the voting and build public confidence in the results. The public should insist that election officials put these protections in place right away.

There has been extensive documentation of the problems with electronic voting. Several studies have found that it is vulnerable to vote theft and to inadvertent errors that can alter the outcome of an election. These inherent flaws are made worse by the reckless, and possibly illegal, actions of voting machine companies. This spring, California banned 14,000 Diebold voting machines because of allegations of "fraudulent actions" by the manufacturer.

In a well-run election system, electronic voting machines costing millions of dollars would not have been purchased before there were adequate standards for ensuring that they work properly. But given that nearly one-third of voters may be voting electronically this fall, it is fortunate that a number of private groups - including the Brennan Center for Justice at the New York University Law School and the Caltech/M.I.T. Voting Technology Project - have stepped forward with ideas for how election officials can minimize the risks. Kevin Shelley, the California secretary of state and a pioneer in the field, has also issued useful directives, many of which are on his official Web site.

Here are some things voters should demand:

Physical security for electronic systems Electronic voting machines must be kept secure at all times. It seems like an obvious point, but it's been ignored too often. In Georgia's March primary, voting machines were reported to have been delivered early to a polling place in a university student center, and left unattended. Some places start up machines the night before the election, a clear security risk.

The locks and antitampering devices on machines must be more secure. A study earlier this year in Maryland found, unbelievably, that all 16,000 electronic voting machines in the state had identical locks, which could be opened with a single key. The entire "chain of custody" of the voting, from the casting of ballots to the final tabulation, must be kept secure. Computers used in elections must not be used for anything else. All software used on them should be certified, and logs should be kept of everyone who has access to them.

Rigorous testing of electronic machines In many jurisdictions, testing is woefully inadequate. The machines should be exhaustively tested in advance, with real people casting votes, not simply machines "self-testing" their accuracy. The tests should use all of the ballot configurations that will be used in the election, and in large enough sample sizes to draw meaningful conclusions.

Randomly selected machines should be continually tested throughout Election Day. This "parallel monitoring," as it is known, can test parts of the system that come into play only during actual voting. It can ensure that no malicious software was installed that was designed to look honest before and after voting, but to steal votes during the election itself.

Properly trained poll workers, and rapid-response teams on Election Day Many of the problems that have occurred so far with electronic voting were due to election workers' errors. Poll workers must be extensively trained in the use of electronic voting machines, and given clearly written materials. On Election Day, there should be enough technology experts available to handle problems as they occur, monitoring teams doing spot checks for malfunctions and tampering, and rapid-response teams available for quick on-site visits.

Public records at the precinct level The more records that are created of vote totals, and the earlier in the process such records are created, the harder it is to steal votes. When the polls close, the results should be printed out and posted at each precinct and should remain there for at least one day to protect against alterations in the totals during transmission to the central office. Election results for precincts should also be immediately posted online.

The option to vote non-electronically Many voters do not trust electronic voting, and many are not confident of their computer skills. Any voter should be able to use a paper ballot. A review of Florida's primary this March found that elderly voters were more likely than others to cast ballots that did not select a candidate. Forcing people to vote electronically could lead to a rerun of the infamous "butterfly ballot" of 2000, with overly complicated voting technology that disenfranchises voters.

Independent security experts The short history of electronic voting has shown that manufacturers cannot be trusted when it comes to the reliability of their products. Jurisdictions that use electronic voting should employ outside experts to test their systems. These tests should be done well in advance and made public. Voters should be told what is being done to address any problems.

Transparency in electronic voting As we saw again this month in Florida, which was forced to scrap a flawed list of felons to be purged from voter rolls that it had originally kept from the public, secrecy in election administration is often a cover for incompetence, or even partisan manipulation. Voters should be able to monitor every aspect of electronic voting, from the purchase of machines to the final tabulation of votes, and offered enough training that they can understand what they are seeing.

In the long run, electronic voting should not be allowed without unimpeachable and mandatory security standards, and machines that allow voters to see paper records and ensure that their votes are properly recorded. Unfortunately, a large part of the electorate will be using electronic machines this fall that lack these safeguards. Election officials have an obligation to act now to make the system as reliable as possible.

Making Votes Count: Editorials in this series remain online at www.nytimes.com/makingvotescount .

Copyright 2004 The New York Times Company

July 27, 2004

OP-ED COLUMNIST

Fear of Fraud

By PAUL KRUGMAN

It's election night, and early returns suggest trouble for the incumbent. Then, mysteriously, the vote count stops and observers from the challenger's campaign see employees of a voting-machine company, one wearing a badge that identifies him as a county official, typing instructions at computers with access to the vote-tabulating software.

When the count resumes, the incumbent pulls ahead. The challenger demands an investigation. But there are no ballots to recount, and election officials allied with the incumbent refuse to release data that could shed light on whether there was tampering with the electronic records.

This isn't a paranoid fantasy. It's a true account of a recent election in Riverside County, Calif., reported by Andrew Gumbel of the British newspaper The Independent. Mr. Gumbel's full-length report, printed in Los Angeles City Beat, makes hair-raising reading not just because it reinforces concerns about touch-screen voting, but also because it shows how easily officials can stonewall after a suspect election.

Some states, worried about the potential for abuse with voting machines that leave no paper trail, have banned their use this November. But Florida, which may well decide the presidential race, is not among those states, and last month state officials rejected a request to allow independent audits of the machines' integrity. A spokesman for Gov. Jeb Bush accused those seeking audits of trying to "undermine voters' confidence," and declared, "The governor has every confidence in the Department of State and the Division of Elections."

Should the public share that confidence? Consider the felon list.

Florida law denies the vote to convicted felons. In 2000 the state hired a firm to purge supposed felons from the list of registered voters; these voters were turned away from the polls. After the election, determined by 537 votes, it became clear that thousands of people had been wrongly disenfranchised. Since those misidentified as felons were disproportionately Democratic-leaning African-Americans, these errors may have put George W. Bush in the White House.

This year, Florida again hired a private company - Accenture, which recently got a homeland security contract worth up to $10 billion - to prepare a felon list. Remembering 2000, journalists sought copies. State officials stonewalled, but a judge eventually ordered the list released.

The Miami Herald quickly discovered that 2,100 citizens who had been granted clemency, restoring their voting rights, were nonetheless on the banned-voter list. Then The Sarasota Herald-Tribune discovered that only 61 of more than 47,000 supposed felons were Hispanic. So the list would have wrongly disenfranchised many legitimate African-American voters, while wrongly enfranchising many Hispanic felons. It escaped nobody's attention that in Florida, Hispanic voters tend to support Republicans.

After first denying any systematic problem, state officials declared it an innocent mistake. They told Accenture to match a list of registered voters to a list of felons, flagging anyone whose name, date of birth and race was the same on both lists. They didn't realize, they said, that this would automatically miss felons who identified themselves as Hispanic because that category exists on voter rolls but not in state criminal records.

But employees of a company that prepared earlier felon lists say that they repeatedly warned state election officials about that very problem.

Let's not be coy. Jeb Bush says he won't allow an independent examination of voting machines because he has "every confidence" in his handpicked election officials. Yet those officials have a history of slipshod performance on other matters related to voting and somehow their errors always end up favoring Republicans. Why should anyone trust their verdict on the integrity of voting machines, when another convenient mistake could deliver a Republican victory in a high-stakes national election?

This shouldn't be a partisan issue. Think about what a tainted election would do to America's sense of itself, and its role in the world. In the face of official stonewalling, doubters probably wouldn't be able to prove one way or the other whether the vote count was distorted - but if the result looked suspicious, most of the world and many Americans would believe the worst. I'll write soon about what can be done in the few weeks that remain, but here's a first step: if Governor Bush cares at all about the future of the nation, as well as his family's political fortunes, he will allow that independent audit.

Copyright 2004 The New York Times Company

October 31, 2004

EDITORIAL OBSERVER | MAKING VOTES COUNT

Where the Action's at for Poll Watchers: Ohio as the New Florida

By ADAM COHEN

In a sleek law firm conference room 19 stories above Park Avenue last Thursday night, the subject was where people wanted to go to monitor elections this week. A few hands shot up for Florida, and more for Pennsylvania. But while Florida may still be the marquee name in election mismanagement, Ohio is where most people wanted to be on Nov. 2. The most inscrutable of all the swing states, it's where the Republicans have filed objections to 35,000 new voter registrations and are sending 3,600 poll challengers, mainly to heavily minority precincts that tend to produce Democratic votes. The law students and lawyers in the Midtown law offices, volunteers for a group called Election Protection, wanted to be there, too, pushing in the opposite direction.

The legacy of Florida 2000 was public knowledge of a secret that election officials had long kept to themselves: that every year millions of eligible voters are wrongly prevented from voting, and millions of votes are thrown out. Many states, including Ohio, still use punch-card machines that produce the hanging, dimpled and pregnant chads Americans expected to see eliminated after the last fiasco. Reckless voting-roll purges are still throwing eligible voters off the rolls. And this year has produced new outrages, such as Glenda Hood, the Florida secretary of state, ordering election officials to throw out voter registrations when applicants fail to check a box saying they are citizens - even though they swear they are elsewhere on the form.

In the face of this government indifference and hostility to voters, private citizens have begun to step in. When Election Protection, a nonpartisan coalition of more than 50 groups, ranging from the League of Women Voters to Rock the Vote, sent out a call for volunteers, the response was overwhelming. A thousand people showed up to be trained in a single day last month at Columbia Law School. The coalition will send out 25,000 poll monitors next week to "high risk" precincts in 17 states, and operate a toll-free nationwide hot line, 1-866-OUR-VOTE, on Election Day.

More voters are disenfranchised every year by incompetent or malevolent election administrators than anything else. During Florida's August primary, Election Protection monitors observed a poll worker shouting through a bullhorn that no one would be allowed to vote without photo ID, even though Florida law does not require voter ID. Anyone who has spent any time observing local voting officials at work can attest that there is enough incompetence out there to cover a multitude of disenfranchisements. Still, it's hard to avoid the conclusion that at least some of these officials are intentionally trying to stop eligible people from voting. Ohio's secretary of state recently issued an order, which he rescinded in the face of loud protests, that voter registrations submitted on insufficiently thick paper would be thrown out. Last week, Missouri's secretary of state said there was nothing wrong with groups that run registration drives throwing out registrations that they promised to hand in.

Inevitably, the sight of all these eager young people piling onto buses to help people vote in other states calls up comparisons to the civil rights movement in the 1960's. If nothing else, the latest generation of voter rights advocates are identical in their enthusiasm. Last week in New York, Jon Miller, a third-year law student, was training his fellow volunteers on what to expect after they board their buses for Ohio at 9 Monday night. When they arrive the following morning, he said, they will pick up a stack of voter bills of rights, put on their You Have the Right to Vote T-shirts, and arrive at their assigned polling places by 5:30 a.m. "Even though you've just gotten off an eight-hour bus ride," he assured his charges energetically, "you are going to feel fresh and great."

Making Votes Count: The editorials in this series remain online at www.nytimes.com/makingvotescount .

Copyright 2004 The New York Times Company

November 4, 2004

EDITORIAL

Lessons of the Ballot Box

When the last of the Ohio returns came in, the 2004 election ended up being outside the so-called margin of litigation. But an uncontested election is not necessarily a well-run one. In Ohio, and around the country, this year's election exhibited flaws that will continue to detract from our democracy until they are addressed. One of the first issues that both parties should commit to is working to produce a first-class elections system.

There were significant problems with the Ohio voting, even though the Kerry campaign determined that a recount would not change the outcome. Incredibly, four years after the 2000 election mess, more than 70 percent of Ohioans still cast their vote on punch-card machines, whose hanging, pregnant and dimpled chads routinely disenfranchise as many as 2 percent, or more, of the voters who use them. Many of the more than 130,000 Ohioans who were forced to vote on provisional ballots were registered voters who should have been on the rolls. The system did not melt down, but there were plenty of problems that showed its vulnerability.

Partisan poll workers challenged voters in Ohio and Florida, relying on laws that in future elections could be used to disenfranchise large numbers of voters and to slow voting in some precincts to a crawl. Voter identification requirements were arbitrarily, and often incorrectly, enforced. Minority voters in some states were the targets of dirty tricks, including leaflets telling newly registered voters that they could not vote in this year's election.

One of the most troubling problems with the voting was the extraordinary lines many voters faced at the polls. In some areas, the wait to vote was four hours or more, and in many cases the longest lines were in minority neighborhoods. Many people literally cannot afford to wait that long to vote, and there were numerous reports of voters leaving the lines without voting. The nation should commit itself to providing enough voting machines and election workers to make waiting times reasonable.

The controversy over provisional ballots, one of the few reforms to come out of the 2000 election, showed that the rules governing them need improvement. Many states quietly adopted laws requiring these provisional ballots to be thrown out if they are cast in the wrong precinct. But election officials are often unable to direct voters to the right precinct on Election Day. A valid ballot should count wherever it is filed. There were also too many reports of absentee ballots duly applied for, including by military personnel, that did not arrive in time.

Nearly one-third of voters nationwide cast their ballots on electronic voting machines that do not produce a paper trail. As the public has learned more about the vulnerability of electronic voting to errors and intentional tampering, there has been a fast-growing movement to require voter-verified paper trails. Until these are provided, many voters will not have confidence in these machines.

The good news about the election system this week is that more than 114 million Americans, including many young people and new voters, believed in it enough to vote. There is great work to be done, however, to give them the system they deserve.

Making Votes Count: Editorials in this series remain online at www.nytimes.com/makingvotescount .

Copyright 2004 The New York Times Company

Can Diebold machines pass the test

Reputation, sales riding on e-voting devices' ability to withstand new experiment

by Ian Hoffman
Oakland Tribune
November 27, 2005

http://www.insidebayarea.com/oaklandtribune/localnews/ci_3256676


Back in May, voting activists went on the Internet and for $300 apiece purchased two devices used to record moisture levels in corn.

Certain corn scanners use the same memory cards as Diebold Election Systems' optical-scanning machines for ballots and can easily modify them.

That makes corn scanners into a tool for vote hacking.

Sitting by a hotel pool last spring in Florida, Finnish computer expert Harri Hursti wrote his own program onto a memory card so it could alter poll results on a Diebold machine in Leon County and flash a screen message — "Are we having fun yet?" — that shocked the local elections supervisor.

Prodded by activists with nonprofit Black Box Voting, California elections officials have agreed to a test hack of the Diebold voting machines running in 17 of its counties, from San Diego to Los Angeles and Alameda to Humboldt.

The test, first reported by the Oakland Tribune last week, originally was scheduled for Wednesday but is likely to be delayed until mid-December.

At risk for Diebold is reputation, millions of dollars in sales and possibly its mantle as the nation's largest supplier of electronic voting equipment.

If Hursti or another computer expert succeed in hacking Diebold's voting machinery, the McKinney, Texas, firm could be forced to redesign software fundamental to each major component of its voting system. Securing new state and federal approvals would bring delay and loss of sales the company is counting on prior to the June 2006 primary.

Counties face Jan. 1 state and federal deadlines for acquiring new, handicapped-accessible voting systems that also offer some form of paper record. Those counties relying on Diebold might turn to other voting-system makers.

As a result, there have been extensive, ongoing negotiations between Black Box Voting and the California Secretary of State's office, which also is talking to Diebold, over conditions of the test, confidentiality of the results and measures of success. Those talks continued this weekend, but state officials said they remain committed to performing the test.

"Secretary (Bruce) McPherson takes testing these systems very seriously," said his spokeswoman Nghia Nguyen Demovic. "He wants safeguards in place so that every vote cast is secured. He's doing his due diligence to assure voter confidence."

Last week, state officials said they instead will select the voting equipmentat random from a California county using Diebold.

The hacks — there are two — are almost elegantly simple.
Before every election, Diebold optical-scanning machines usedin polling places are programmed for ballot and report details using memory cards. Touchscreen machines, as Alameda County uses, are programmed with PC cards.

Hursti realized this was a way into the voting system after looking at some of the Diebold software that Black Box Voting founder Bev Harris downloaded from an unsecure company Web site.

"Within 24 hours, he said I have found the Holy Grail," Harris recalled.

Hursti taught himself the rudiments of Diebold's programming language, AccuBasic. Using the crop scanner, he then wrote his own Diebold programs onto the memory cards.

Touchscreens apparently can be reprogrammed the same way, but more easily because PC cards can be written with a laptop computer.

The optical-scanning machines and the touchscreens are accessible to thousands of volunteer pollworkers on Election Day and often for several days before.

The AccuBasic files themselves are generated by the core of the Diebold voting system, a central vote-tabulating computer known as GEMS.

Another expert, Herbert Thompson, chief security strategist for Security Innovations, a Wilmington, Mass., computer-security firm, found that inserting no more than 60 lines of software into the computer's database program could change vote totals.

Getting the hack into GEMS requires access to the machine, typically kept in a locked room. But for an insider with that access, the rest of the task is as simple as sliding in a compact disc.

Both hacking strategies can be caught by recounting the ballots. California law requires a recount in 1 percent of precincts after every election.

But in Los Angeles County and other jurisdictions, elections officials do not recount absentee ballots, which are mailed in and scanned at election offices. Absentee ballots are more than a third of the vote in California and in several counties more than half of the vote. "You just tamper with the GEMS database for the absentee vote, and then if you exclude the absentees from the one percent recount then you completely own the process," said Jim March, a board member of Black Box Voting.


© 2005 ANG Newspapers

Diebold insider alleges company plagued by technical woes, Diebold defends 'sterling' record

Miriam Raftery

http://rawstory.com/news/2005/Diebold_insider__alleges_company_plagued_1206.html


In an exclusive interview with RAW STORY (http://rawstory.com/), a whistleblower from electronic voting heavyweight Diebold Election Systems Inc. raised grave concerns about the company’s electronic voting technology and of electronic voting in general, bemoaning an electoral system the insider feels has been compromised by corporate privatization.

The Diebold insider, who took on the appellation “Dieb-Throat” in an interview (http://www.bradblog.com/Diebold.htm) with voting rights advocate Brad Friedman (BradBlog.com (http://bradblog.com/)), was once a staunch supporter of electronic voting’s potential to produce more accurate results than punch cards.

But the company insider became disillusioned after witnessing repeated efforts by Diebold to evade meeting legal requirements or implementing appropriate security measures, putting corporate interests ahead of the interests of voters.

“I’ve absolutely had it with the dishonesty,” the insider told RAW STORY (http://rawstory.com/).

Blasting Wally O’Dell, the current president of Diebold, the whistleblower went on to explain behind-the-scenes tactics of the company and its officers.

“There’s a lot of pressure in the corporation to make the numbers: `We don’t tell you how to do it, but do it.’ [O’Dell is] probably the number one culprit putting pressure on people,” the source said.

Diebold spokesman David Bear rebuts the charges. “Diebold has a sterling reputation in the industry," Bear said. "It’s a 144-year-old company and is considered one of the best companies in the industry."

Previous revelations from the whistleblower have included evidence that Diebold’s upper management and top government officials knew of backdoor software in Diebold’s central tabulator before the 2004 election, but ignored urgent warnings—such as a Homeland Security alert posted (http://www.us-cert.gov/cas/bulletins/SB04-252.html#diebold) on the Internet.

“This is a very dangerous precedent that needs to be stopped—that’s the corporate takeover of elections,” the source warned. “The majority of election directors don’t understand the gravity of what they’re dealing with. The bottom line is who is going to tamper with an election? A lot of people could, but they assume that no one will.”

Concerns about Georgia, Ohio elections

The insider harbors suspicions that Diebold may be involved in tampering with elections through its army of employees and independent contractors. The 2002 gubernatorial election in Georgia raised serious red flags, the source said.

“Shortly before the election, ten days to two weeks, we were told that the date in the machine was malfunctioning,” the source recalled. “So we were told 'Apply this patch in a big rush.’” Later, the Diebold insider learned that the patches were never certified by the state of Georgia, as required by law.

“Also, the clock inside the system was not fixed,” said the insider. “It’s legendary how strange the outcome was; they ended up having the first Republican governor in who knows when and also strange outcomes in other races. I can say that the counties I worked in were heavily Democratic and elected a Republican.”

In Georgia’s 2002 Senate race, for example, nearly 60 percent of the state’s electorate by county switched (http://www.citypaper.com/news/story.asp?id=3381) party allegiances between the primaries and the general election.

The insider’s account corroborates a similar story told by Diebold contractor Rob Behler in an interview (http://www.scoop.co.nz/stories/HL0307/S00078.htm) with Bev Harris of Black Box Voting.

Harris revealed that a program patch titled “rob-georgia.zip” was left on an unsecured server and downloaded over the Internet by Diebold technicians before loading the unauthorized software onto Georgia voting machines.

“They didn’t even TEST the fixes before they told us to install them,” Behler stated, adding that machines still malfunctioned after patches were installed.
California decertified Diebold TSX touch screen machines after state officials learned that the vendor had broken state election law.

“In California, they got in trouble and tried to doubletalk. They used a patch that was not certified,” the Diebold insider said. “They’ve done this many times. They just got caught in Georgia and California.”

The whistleblower is also skeptical of results from the November 2005 Ohio election, in which 88 percent of voters used touch screens and the outcome on some propositions changed as much as 40 percent (http://www.bradblog.com/archives/00002030.htm) from pre-election exit polls.

“Amazing,” the Diebold insider said.

Diebold is headquartered in Ohio. Its chairman Wally O’Dell, a key fundraiser for President Bush, once promised in an invitation to a Republican fundraising dinner to deliver Ohio’s electoral votes for Bush. The staffer said the company has a deep conservative culture.

“My feeling having been really deep inside the company is that initially Diebold, being a very conservative and Republican company, felt that if they controlled an election company, they could have great influence over the outcome,” the source, a registered independent, said.

“Does that mean fixing elections? Not necessarily, but if your people are in election departments and they are biased toward Republicans, you will have an influence…I think this is what they were buying, the positioning. Obviously screwing with the software would be a homerun—and I do think that was part of their recipe for getting into the election business. But the public got involved and said 'Hey, what’s going on?' That pulled the sheet off what their plan was with these paperless voting machines.”

The difficulties of installing paper trails

Responding to public demand for paper trails, Diebold has devised a means of retrofitting its paperless TSX system with printers and paper rolls. But in Ohio’s November 2005 election, some machines produced blank paper (http://toledoblade.com/apps/pbcs.dll/article?AID=/20051120/NEWS09/511200359).

The whistleblower is not surprised. “The software is again the culprit here. It’s not completely developed. I saw the exact same thing in Chicago during a demonstration held in Cook County for a committee of people who were looking at various election machines… They rejected it for other reasons.”

Asked if Ohio officials were made aware of that failure prior to the recent election, the source said, “No way. Anything goes wrong inside Diebold, it’s hush-hush.”

Most officials are not notified of failed demonstrations like the one in Cook County, the insider said, adding that most system tests, particularly those exhibited for sale are not conducted with a typical model.

California, which recently conducted a test of the system without public scrutiny that found only a three percent failure rate—far lower than earlier tests that found a 30 percent combined failure (http://www.votetrustusa.org/index.php?option=com_content&task=view&id=96&Itemid=30) due to software crashes and printer jams.

Asked if the outcomes of the newest test should be trusted, the whistleblower, who does not know the protocols used in the California test, warned, “There’s a practice in testing where you get a pumped-up machine and pumped-up servers, and that’s what you allow them to test. Diebold does it and so do other manufacturers. It’s extremely common.”

Neither the TSX nor the older TS6 election equipment systems used by Diebold were designed to be retrofitted with paper trails. “The TSX was designed and brought to market after the paper trail issue erupted, yet it was introduced as a paperless system. But the uproar became so great… The public forced Diebold to put printers on their machines.” Adding printers to existing computer hardware together poses challenges.

The TS6 machines can’t be retrofitted with paper at all, leaving 35,000 voters in Maryland and Georgia to rely on paperless, faith-based voting.

Even if the blank paper problem could be solved, there are other serious problems with some TSX equipment. “The system that was offered to San Diego was purely experimental—the TSX and the electronic poll book, the check-in device,” the Diebold insider stated. “Voters couldn’t access the system to vote with the electronic poll book if the batteries died.” The high rate of breakdowns involving access cards for the poll book caused major problems, the source added. “The interesting part about this device is that it had never been used before. That was probably not certified.”

San Diego has since warehoused its TSX system, pending a decision by the state on whether to recertify. San Diego County now uses Diebold optical scanners—but those pose security problems as well.

Although Black Box Voting demonstrated during a demonstration in Leon County, Florida that computer experts could hack into a similar system in less than a minute and alter a memory card to switch votes, election officials still brush off concerns for additional security precautions.

San Diego County Registrar of Voters, Mikel Haas, for example, was questioned by this reporter for the city’s local paper, Citybeat. He insisted (http://www.sdcitybeat.com/article.php?id=3674) that no additional security measures were needed.

Asked if Diebold had implemented any changes to close security holes revealed by the Leon County hack, the source replied, “None that I know of.”

Informed that Haas allowed over 700 voting machines with memory cards inside to be sent home overnight with poll-workers, the insider raised alarm. “These memory cards need to be protected every single step of the way, like money. If they have people taking these machine home with memory cards, that’s out the window.”

The Diebold whistleblower also criticized election officials in San Diego and elsewhere for allowing Diebold personnel to be present when votes reach the server. “The election office’s employees—people who are paid with our tax dollars to conduct elections and have proper security elections and background check should do this – and no one else.” Manufacturers should be a mile away on election night, the source added.

The best way for concerned citizens to detect fraud is to “be there on election night” to observe vote tabulations, the insider said. But in some cities, citizens have been barred from watching votes being counted on Diebold tabulators – and in San Diego, Black Box Voting activist Jim March was arrested (http://www.bbvforums.org/forums/messages/1954/8556.html#POST8206) in July 2005 and charged with felony trespassing after entered a secured room to watch votes being counted. The charges were later dismissed.

But no amount of observation can totally protect the public from the dangers inherent in electronic voting, the whistleblower says. “People are going to end up losing their rights in many ways that they will never, never understand. For example, the new electronic databases for voter registration is a great idea, but it passes control away from local boards of elections and puts it in the hands of the states…The final database is manipulated by states instead of counties. Every state must have it. It’s mandated by [the Help America Vote Act]. It’s a sleeper issue.”

The source, who once supported the Help America Vote Act (HAVA), now concedes “it’s terrible…Most of this is a big money grab.”

The Diebold hand believes many election officials are naпve, while others are “downright arrogant. They are serving politicians and in many cases, vendors.”

How Diebold woos state officials

The insider described a systematic process Diebold uses to woo election officials via cash doled out by lobbyists or attorneys and favors to assist budget-strapped public officials. “They promise the election directors the moon and deliver things to them that really aren’t legitimate parts of the contract.” Those promises range from providing personnel to equipping warehouses with electrical systems to recharge batteries in voting machines.

“The corporation pretty much takes over. That’s how they capture so many of these people. Diebold is making them look good and they’re not going to bite the hand that feeds them.”

Diebold creates a “monetary incentive” to stay involved via future servicing contracts after selling election equipment, the whistleblower noted, adding, “The machines are purposely complex and poorly designed.”

Noting that the GEMS software runs on Microsoft Access, Dieb-Throat observed, “There are problems that can’t be fixed. I understand they are going to redesign it around Oracle.”

Diebold spokesman David Bear denied that the company is redesigning software around an Oracle platform. “No, that’s not true to my knowledge,” he said.

Asked whether any TSX machine produced blank paper during a demonstration in Cook County, he replied, “I’m not aware of that.”

Bear initially denied that any Diebold machines in Ohio produced blank paper rolls.

“That’s not true,” he said. “They just ran an election November 8th with over 15,000 of the units and the Secretary of State was overwhelmingly pleased.” After being told of news reports describing blank paper rolls produced in Ohio, however, he replied, “It would not surprise me if a paper roll was installed upside down.”

Diebold consultant convicted for embezzlement

The Diebold insider noted that the initial GEMS system used to tabulate votes for the Diebold Opti-scan systems was designed by Jeffrey Dean, who was convicted (http://bbvdocs.org/dean.pdf) in the early 1990s of computer-aided embezzlement. Dean was hired by Global Election Systems, which Diebold acquired in 2000. Global also had John Elder, a convicted cocaine trafficker, on its payroll. Diebold spokesman David Bear told Citybeat that Dean left shortly after the acquisition and that Elder also left “long ago.” Black Box Voting reported that Diebold gave Elder a “golden parachute” in 2004 and that he was let go only after his criminal past was revealed by BBV and mainstream publications.

But the Diebold whistleblower told RAW STORY (http://rawstory.com/) that Elder remained working for Diebold “as recently as the summer of this year … [Elder creates] the paper ballots for absentee voting… They were making the ballots for the November election for sure, for all over the country.”

Bear denied that Elder is still on Diebold’s payroll as either an employee or independent contractor.

“He was with the company two companies ago, never was an employee of Diebold, and worked for a company that was acquired by Diebold,” he said.
Asked if Elder works for a company producing ballots for any of California’s Diebold systems, Bear responded, “The counties contract for that. I don’t have the slightest idea… There are probably several different companies that produce ballots for California.”

Bear denied allegations that Diebold has installed uncertified patches.
“Nothing is done in any state except under guidance and authority of election officials in the state.”

He also stated that the California Secretary of State’s staff has recommended recertifying the Diebold TSX system retrofitted with paper rolls.

Bear defends Diebold's record.

“In the last presidential election, over 150,000 touch screens were run. They were recognized by CalTech and MIT for having accurately captured the vote. From the presidential election 2004, they believe over 1 million more votes were captured. They singled out touch-screens; the state with the most improvement was Georgia.” (Full text (http://www.vote.caltech.edu/media/documents/vtp_wp21.pdf) of the Caltech/MIT report)
The Diebold insider says Americans who care about their vote must remain vigilant. “I don’t look for the paperless people, the corporations, to back off at all. They will continue to try to keep the public in the dark.”

Diebold Exec Ignores Ban on Political Donations

Monday, December 05, 2005

http://mpetrelis.blogspot.com/


Despite a ban on political contributions from Diebold
executives, implemented in June of 2004 after the voting
machine corporation's chief executive officer, Walden O'Dell,
came under heavy criticism for hosting a fundraiser
for George W. Bush and signing a letter promising to
deliver Ohio's electoral college vote to him,
one Diebold leader apparently never got the memo about
the ban.

USA Today published an insightful story last year on O'Dell (http://www.usatoday.com/news/politicselections/2004-06-08-diebold-donations_x.htm)
trouble and his ban, that provides background to his voting
machine company's political woes.

A Federal Election Commission file on Isac Tabib
reveals he made a $1,000 this past June to Republican
U.S. Senator Michael DeWine, (http://www.newsmeat.com/fec/bystate_detail.php?st=OH&last=tabib&first=isac) who's up for reelection
in 2006. Why let a little thing like the company's
policy prohibiting such contributions stop Tabib from
writing out a check to DeWine?

By the way, DeWine will have at least one Democratic
Party challenger next year, none other than Iraqi war
vet Paul Hackett. You may have read Hackett's name in
the news lately because he lost a special election for
Ohio's second district seat in the House of
Representatives in August.

Who beat him? Rep. "Mean Jean" Schmidt, the vicious
Congresswoman who took to the House floor a few weeks
back to defame former Marine Rep. John Murtha after he
called for American troop reductions in Iraq.

Tabib's monetary gift to DeWine shows one thing about
Diebold. When they say something is company policy, it
doesn't mean all that much.

POTENTIAL SECURITIES FRAUD CLASS ACTION LAWSUIT AGAINST DIEBOLD IN PROGRESS!

http://www.velvetrevolution.us/


[/URL]Documents and comments provided by Company Insiders suggest Diebold could be the next Enron as All-New Legal Troubles Mount for Voting Machine Giant...

Additional Individual, Union Owners of Diebold Stock, Mutual Funds Sought for Addition to Plaintiff Class by Velvet Revolution!

[URL="http://www.bradblog.com/archives/00002126.htm"]http://www.bradblog.com/Images/Diebold_OhioCompany_Med.jpg (http://www.bradblog.com/archives/00002126.htm)

The BRAD BLOG (http://www.bradblog.com/) has received exclusive detailed information about a developing potential class action securities litigation against Diebold, Inc. (stock symbol: DBD (http://finance.yahoo.com/q?s=DBD)). The class for the suit will involve shareholders who purchased or owned stock in the Ohio-based company any time from October 22, 2003 though September 21, 2005.

Though we are not at liberty at this time to discuss the specifics of the potential litigation and the causes of action in the complaint being compiled, The BRAD BLOG (http://www.bradblog.com/) has learned that the class action lawsuit, currently being drawn up, will involve securities fraud violations and other troubling matters for the controversial company, its CEO as well as current and former members of its Board of Directors.

Those who owned or purchased Diebold stock, or mutual funds which carried Diebold during the period mentioned, are asked to contact LawSuit@VelvetRevolution.us (LawSuit@VelvetRevolution.us) where contact information submitted may be turned over to attorneys currently working on the case for possible addition to the plaintiff class. Union groups who own or owned shares of Diebold or mutual funds which invest in the company are specifically urged to contact VR (LawSuit@VelvetRevolution.us) about joining the class action...

FULL DETAILS COMMENTS FROM INSIDER "DIEB-THROAT":
http://www.bradblog.com/archives/00002126.htm (http://www.bradblog.com/archives/00002126.htm)

The only problem with this whole thing is getting the mainstream media to pay attention.

Diebold CEO resigns after reports of fraud litigation, internal woes

John Byrne
RAWSTORY
Dec. 12, 2005

http://rawstory.com/news/2005/Diebold_CEO_resigns_after_reports_of_1212.html


The chief executive officer of electronic voting company Diebold who once famously declared that he would "deliver" Ohio for President Bush has resigned effective immediately, RAW STORY (http://rawstory.com/) has learned.

"The board of directors and Wally mutually agreed that his decision to resign at this time for personal reasons was in the best interest of all parties," the company's new chairman said in a statement (http://biz.yahoo.com/prnews/051212/clm060.html?.v=31).

O'Dell's resignation comes just days after reports from BradBlog.com (http://bradblog.com/) that the company was facing imminent securities fraud litigation surrounding charges of insider trading. It also comes on the heels of a RAW STORY (http://rawstory.com/) interview (http://rawstory.com/news/2005/Diebold_insider__alleges_company_plagued_1206.html ) with a Diebold insider, who raised new allegations of technical woes inside the company, as well as concerns that Diebold may have mishandled elections in Georgia and Ohio.

Diebold's chief operating officer Thomas Swidarski will take O'Dell's place.

"This has been a very challenging year for the company," Swidarski said. "We are beginning to make progress to improve some of our performance issues, reduce our cost structure by addressing inefficiencies in our manufacturing supply chain and software development processes, and instill price discipline throughout the company."

In a story last week, RAW STORY (http://rawstory.com/) recounted allegations (http://rawstory.com/news/2005/Diebold_insider__alleges_company_plagued_1206.html ) made by a Diebold insider who said he/she had become disillusioned after witnessing repeated efforts by the firm to evade meeting legal requirements or implementing appropriate security measures, and who alleged that Diebold had put corporate interests ahead of the interests of voters.

“I’ve absolutely had it with the dishonesty,” the insider said (http://rawstory.com/news/2005/Diebold_insider__alleges_company_plagued_1206.html ). Blasting Wally O’Dell, the current president of Diebold, the whistleblower went on to explain behind-the-scenes tactics of the company and its officers.

“There’s a lot of pressure in the corporation to make the numbers: `We don’t tell you how to do it, but do it.’ [O’Dell is] probably the number one culprit putting pressure on people,” the source said.

The whistleblower also questioned whether the company or its subsidiaries had mishandled a 2002 Georgia gubernatorial election and voting in Ohio this year.

Diebold spokesman David Bear rebutted the charges. “Diebold has a sterling reputation in the industry," Bear said. "It’s a 144-year-old company and is considered one of the best companies in the industry."

The only problem with this whole thing is getting the mainstream media to pay attention.
Amazingly a google search this morning (the day after) brings up very few mentions of O'Dell's resignation, and only one from a bona fide news source (a search of AP brought up ZERO hits):

http://www.businessweek.com/ap/financialnews/D8EEVLCG0.htm?campaign_id=apn_tech_up&chan=tc

http://www.selfservice.org/newsbits/article.php?id=1075

EXCLUSIVE: SECURITIES FRAUD LITIGATION FILED AGAINST DIEBOLD, INC!

Eight Current and Former Executives Named as Co-Defendants, Including former CEO O'Dell and New CEO Swidarski

Class Action Suit Alleges Fraud, Insider Trading, Manipulation of Stock Prices, Concealment of Known Flaws in Voting Machines and Company Structural Problems

December 13, 2005
http://www.bradblog.com/archives/00002153.htm


The BRAD BLOG (http://www.bradblog.com/) can now report that a Securities Fraud Class Action suit has been filed against Diebold, Inc. (stock symbol: DBD (http://finance.yahoo.com/q?s=DBD&d=t)) naming eight top executive officers in the company as co-defendants. The suit has been filed by plaintiff Janice Konkol, alleging securities fraud against the North Canton, Ohio-based manufacturer of Voting Systems and ATM machines on behalf of investors who owned shares of Diebold stock and lost money due to an alleged fraudulent scheme by the company and its executives to deceive shareholders during the "class period" of October 22, 2003 through September 21, 2005.

The suit was filed today in U.S. Federal District Court in Ohio and alleges the company "artificially inflated" stock prices through misleading public information designed to conceal the true nature of Diebold's financial and legal situation. The defendants are also alleged to have attempted to disguise well-known and ongoing problems with Diebold's Voting Machine equipment and software. Additionally, the suit alleges insider trading by defendants resulting in proceeds of $2.7 million. Remedies are sought under the Securities Exchange Act of 1934.

The suit, filed by the law firm Scott+Scott, LLC on behalf of Konkol and the plaintiff class, names former Diebold CEO and Chairman, Walden O'Dell as a co-defendant along with seven other current and former officers of the once-venerable company.

News of the pending litigation was first reported as imminent in an exclusive report by The BRAD BLOG (http://www.bradblog.com/archives/00002126.htm) late last week.

Yesterday, in a surprise announcement, O'Dell unexpectedly resigned (http://www.bradblog.com/archives/00002149.htm) from the company. A Diebold press release described O'Dell as leaving the company for "personal reasons". He was immediately replaced by the company's president and chief operating officer, Thomas W. Swidarski, who had directly overseen Diebold's Election Systems subsidiary division for some time. Swidarski is also named as a co-defendant in today's class action suit.

After news was released of weaker-than-expected third-quarter earnings on September 21, Diebold stock prices plummeted 15.5% (http://www.bradblog.com/archives/00001852.htm) in unusually heavy trading that resulted in a one day sell-off costing investors more than $40 million dollars. The complaint describes Diebold and the co-defendants as having "failed to disclose adverse facts known" to the company and that they "participated in a fraudulent scheme and course of business that operated as a fraud."

The suit, to be released in full by The BRAD BLOG (http://www.bradblog.com/) shortly, alleges Diebold and the eight co-defendants failed to alert investors to adverse facts known to the company, choosing instead to participate in a "fraudulent scheme and course of business" that operated as a fraud or deceit on the company's shareholders.

The suit describes the liabilities of the company and co-defendants as follows...

Each defendant is liable for (a) making false statements, or (b) failing to disclose adverse facts known to him about Diebold. Defendants’ fraudulent scheme and course of business that operated as a fraud or deceit on purchasers of Diebold publicly traded securities was a success, as it (a) deceived the investing public regarding Diebold’s prospects and business; (b) artificially inflated the prices of Diebold’s publicly traded securities; (c) allowed insiders to sell over 51,000 shares of Diebold stock, for proceeds of $2.7 million; and (d) caused plaintiff and other members of the Class to purchase Diebold’s publicly traded securities at inflated prices.

...THE DEFENDANTS...

Named as co-defendants in the suit along with former CEO O'Dell and new CEO Swidarski are President of International Operations, Michael J. Hillock; Senior Vice President of Customer Solutions, David Bucci; Interim Chief Financial Officer, Principal Accounting Officer and Controller, Kevin J. Krakora; Vice President and Chief Information Officer, John M. Crowther; Senior Vice President and CFO, Gregory T. Geswein; and President and COO, Eric C. Evans. (Titles applied to the named co-defendants during the class period. Evans, for example resigned from the company on the same day as the Sep. 21, 2005 announcement.) "Each individual defendant," the suit points out, "owed a duty to the Company and its shareholders not to trade on inside information."

The claim cites a number of allegedly misleading news releases pertaining to the fitness and security of election systems as contracted by Diebold in San Diego County in 2003; their settlement for $2.6 million with the state of California in 2004, wherein Diebold is alleged to have concealed "the dimensions and scope of internal problems at the Company" from investors; and an "astonishingly low and incredibly inaccurate" statement about "restructuring charges" in the Sep. 21 announcement.


Once again, quoting from the lawsuit:During the Class Period, defendants knew and concealed that:

(a) the Company remained unable to assure the quality and working order of their voting machine products;

(b) the Company lacked a credible state of internal controls and corporate compliance;

(c) the 2004 settlement with the State of California served to conceal from investors the dimensions and scope of internal problems at the Company, impacting product quality, strategic planning, forecasting, guidance, internal controls and corporate compliance; and

(d) the Company’s "prediction" of astonishingly low and incredibly inaccurate restructuring charges for the entire 2005 fiscal year grossly understated the true costs defendants faced to restructure the Company.

The complaint alleges that the company lied to investors about the true costs of its restructuring activities, concealing the fact that Diebold was facing far worse restructuring issues than publicly represented -- indicative of far greater problems than the company was willing to reveal.

For example, the complaint indicates that the problems Diebold faced in California in 2004 were merely the tip of an internal structural iceberg which the company had sought to conceal from investors when they decided to make a settlement in the case. Investors could not know then that the problems revealed by the California litigation in 2004 were a sign of more and deeper internal problems to come. The settlement agreed to by Diebold in that case, the suit alleges, was meant to keep a lid on the larger dimensions of the problems, rather than indicating that the issues at stake had been fully resolved. Press materials released by the company announcing the settlement -- and included in the version of the complaint filed today -- seem to indicate otherwise to investors.

...THE INSIDER...

Additional facets of the company's internal structural problems were revealed in a series of previous BRAD BLOG articles (http://www.bradblog.com/Diebold.htm) reporting on an anonymous company insider we dubbed "DIEB-THROAT" who alerted us to the "Cyber Alert Warning" (http://www.us-cert.gov/cas/bulletins/SB04-252.html#diebold) issued by a branch of the Dept. of Homeland Security in August of 2004. That warning concerned the vulnerability to hackers of Diebold's central vote tabulating software prior to last year's Presidential Election. The election watchdog organization BlackBoxVoting.org (http://www.blackboxvoting.org/), who had first discovered the vulnerability, had also recently arranged for a computer security expert to successfully hack into actual Diebold voting machines used in Leon County, Florida without leaving any trace of the manipulation.

It was just several days after our first report on DIEB-THROAT (http://www.bradblog.com/archives/00001838.htm) that stock prices plunged at the company in September. Diebold attempted to blame their troubles, at the time, on bad weather in the gulf which lead our insider source to aver (http://www.bradblog.com/archives/00001852.htm): "Using Hurricane Katrina is a poor excuse for bad products - the last time this kind of deception occurred it was called Enron."

Internet news site, The RAW STORY (http://www.rawstory.com/) recently ran their own interview with DIEB-THROAT (http://rawstory.com/news/2005/Diebold_insider__alleges_company_plagued_1206.html ) revealing still more structural problems within the company and its voting division. The report explained that the company was "plagued by technical woes," even as a Diebold spokesperson claimed the 144-year old company "has a sterling reputation in the industry."

...THE PLAINTIFF...

Plaintiff Konkol, a just-retired 29-year public school employee from Central Wisconsin first invested in Diebold in 1999. She told The BRAD BLOG (http://www.bradblog.com/) that she purchased the stock thinking, "ATM's that'd be the way to go." She originally invested $500 which eventually grew to $1400 before falling. She is also invested in Diebold via mutual funds held by the Wisconsin Education Union in which she is a member. Konkol, a 56-year old grandmother of three, recently returned from two weeks of volunteering on the Gulf Coast with several members of her Lutheran church. "We got a big group together and we went down to the Gulf to help out in Katrina."

"I believe in churches...I believe we should practice what we're preached to about," she told us. "I don't like it when big companies take advantage of us little people," she said. "I can't say that I'm anti-big business...I just want things to be fair."

It appears that Scott+Scott, the attorneys associated with the case, are just beginning to learn about the full scope of the fraud allegedly perpetrated by Diebold on investors. Amended complaints with additional details are expected to be filed in the weeks and months to come. Other law firms are also expected to file similar suits which will eventually be consolidated by the Federal District Court hearing the case. Indeed The BRAD BLOG (http://www.bradblog.com/) has been contacted since filing our original report (http://www.bradblog.com/archives/00002126.htm) on this last week, by other firms who are said to be pursuing similar litigation against Diebold.

...THE REFORMERS...

As one of America's largest Voting Machine Companies (along with ES&S, they account for the tabulation of more than 80% of America's votes every election) Diebold has been the target of Election Reform advocates for their strong partisan support of Republican causes and candidates, a statement made prior to last year's Presidential Election to Republican fundraisers by O'Dell that he was committed to "delivering the state of Ohio" to George W. Bush, along with their reluctance to include verifiable paper ballots with their voting products and to make the source-code for their software open and available for public inspection.

A recent 100+ page GAO report (http://www.bradblog.com/archives/00001940.htm), shamefully unreported (http://www.bradblog.com/archives/00001964.htm) by the mainstream media, confirmed many of the Election Reform advocates concerns about the security and vulnerability of Voting Equipment made by Diebold and other such companies. In California, a recent mock election test revealed that some 20% of Diebold touch-screen voting machines failed to operate as expected after being previous decertified for similar failures and vulnerabilities. Despite that, California's Republican Sec. of State Bruce McPherson remarkably is considering re-certifying those same machines in the state which Diebold has described as America's "largest voting market."

Diebold was one of seven major American Voting Machine companies named in Velvet Revolution's "Divestiture for Democracy" (http://www.velvetrevolution.us/Campaigns/DV4D/) campaign launched on Presidents' Day last February. The campaign demanded accountability and openness by the Voting Machine Companies in what Velvet Revolution deemed a "patriotic duty" to "ensure free, fair and transparent elections" by the private companies entrusted with running our sacred public democracy. The BRAD BLOG (http://www.bradblog.com/) is a co-founder of VelvetRevolution.us (http://www.velvetrevolution.us/).

Konkol's complaint as filed today demands "a trial by jury."

The BRAD BLOG (http://www.bradblog.com/) will of course, compile an extensive, accurate and verifiable paper trail in regards to this story as it continues to unfold...

UPDATE Scott+Scott, LLC releases news of the case filing in a press release here... (http://biz.yahoo.com/prnews/051213/netu036.html?.v=32)

Scott+Scott, LLC Files Securities Fraud Class Action Against Diebold Inc.

Tue Dec 13, 2005
http://today.reuters.com/stocks/QuoteCompanyNewsArticle.aspx?view=PR&symbol=DBD.N&storyID=265189+13-Dec-2005+PRN


COLCHESTER, Conn., Dec. 13 /PRNewswire/ -- Scott+Scott, LLC(http://www.scott-scott.com), at the direction of clients, has filed asecurities fraud class action in the United States District Court for theNorthern District of Ohio against Diebold Inc. ("Diebold" or the "Company")(NYSE: DBD) and individual defendants.

Presently, the class is defined in thecomplaint drafted by Scott+Scott as those who purchased Diebold securitiesbetween October 22, 2003, and September 21, 2005, inclusive (the "ClassPeriod"). However, any purchaser of Diebold securities can contact the firm asthe Class Period may change as information is revealed. Diebold engages in thedevelopment, manufacture, sale, and service of systems, software, and variousproducts used to equip bank facilities such as automatic teller machines.

If you purchased Diebold securities during the Class Period and wish toserve as a lead plaintiff in the action, you must move the court no later than 60 days from today. Any member of the purported class may move the Court toserve as lead plaintiff through counsel of their choice, or may choose to donothing and remain an absent class member. If you wish to discuss this actionor have questions concerning this notice or your rights, please contactScott+Scott for more information.

Scott+Scott will provide class members withcase materials, answer all questions regarding participation and rights andassist with other services the firm provides. There is no cost or fee to you.Contact Scott+Scott partner Neil Rothstein (nrothstein@scott-scott.com,800/332-2259, ext. 22 or cell 619/251-0887). Diebold investors may alsocontact the firm at DieboldSecuritiesLitigation@scott-scott.com (DieboldSecuritiesLitigation@scott-scott.com). The complaint alleges that defendants violated provisions of the UnitedStates securities laws causing artificial inflation of the Company's stockprice.

According to the complaint, during the Class Period, the Company lacked a credible state of internal controls and corporate compliance and remainedunable to assure the quality and working order of its voting machine products.It is further alleged that the Company's false and misleading statementsserved to conceal the dimensions and scope of internal problems at theCompany, impacting product quality, strategic planning, forecasting andguidance and culminating in false representations of astonishingly low andincredibly inaccurate restructuring charges for the 2005 fiscal year, whichgrossly understated the true costs and problems defendants faced torestructure the Company. The complaint also alleges over $2.7 million ofinsider trading proceeds obtained by individual defendants during the ClassPeriod.

Finally, investors learned the truth about the adverse impact of the Company's alleged defective and deficient inventory-related controls andsystems on Diebold's financial performance. As a result of defendants'shocking news and disclosures of September 21, 2005, the price of Dieboldshares plunged 15.5% on unusually high volume, falling from $44.37 per shareon September 20, 2005, to $37.47 per share on September 21, 2005, for a one-day drop of $6.90 per share on volume of 6.1 million shares -- nearly eighttimes the average daily trading volume.

The plaintiff is represented by Scott+Scott, LLC, which has significantexperience in prosecuting investor class actions. The firm dedicates itself toclient communication and satisfaction and currently is litigating majorsecurities, antitrust and employee retirement plan actions throughout theUnited States. The firm represents pension funds, charities, foundations,individuals and other entities worldwide.

Cases currently being litigated and/or investigated by Scott+Scott, LLC include: Refco, Inc.; Guidant Corp.;Abbott Laboratories; Halliburton; TRM Corp.; and Faro Tech., among others. Itssuccess has brought shareholders hundreds of millions of dollars in casesagainst Mattel, Royal Dutch/Shell, Sprint, ImClone and others.SOURCE Scott+Scott, LLC

***

Florida county 'bans Diebold for life' (http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html)

http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html

[/URL] (http://www.bbvforums.org/cgi-bin/forums/board-profile.cgi?action=editpost&postid=15096&page=1954/15595) (http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/15595.html#)

Wed. December 14, 2005: Due to contractual non-performance and security design issues, Leon County (Florida) supervisor of elections Ion Sancho has announced that he will never again use Diebold in an election. He has requested funds to replace the Diebold system from the county. On Tuesday, the most serious “hack” demonstration to date took place in Leon County. The Diebold machines succumbed quickly to alteration of the votes. This comes on the heels of the resignation of Diebold CEO Wally O'Dell, and the announcement that a stockholder's class action suit has been filed against Diebold by Stull, Stull & Brady and another firm, Scott & Scott. Further “hack” testing on additional vulnerabilities is tentatively scheduled before Christmas in the state of California.

Finnish security expert Harri Hursti, together with Black Box Voting, demonstrated that Diebold made misrepresentations to Secretaries of State across the nation when Diebold claimed votes could not be changed on the “memory card” (the credit-card-sized ballot box used by computerized voting machines.

A test election was run in Leon County on Tuesday with a total of eight ballots. Six ballots voted "no" on a ballot question as to whether Diebold voting machines can be hacked or not. Two ballots, cast by Dr. Herbert Thompson and by Harri Hursti voted "yes" indicating a belief that the Diebold machines could be hacked.

At the beginning of the test election the memory card programmed by Harri Hursti was inserted into an Optical Scan Diebold voting machine. A "zero report" was run indicating zero votes on the memory card. In fact, however, Hursti had pre-loaded the memory card with plus and minus votes.

The eight ballots were run through the optical scan machine. The standard Diebold-supplied "ender card" was run through as is normal procedure ending the election. A results tape was run from the voting machine.

Correct results should have been: Yes: 2 ; No: 6

However, just as Hursti had planned, the results tape read: Yes: 7 ; No: 1

The results were then uploaded from the optical scan voting machine into the GEMS central tabulator, a step cited by Diebold as a protection against memory card hacking. The central tabulator is the "mother ship" that pulls in all votes from voting machines. However, the GEMS central tabulator failed to notice that the voting machines had been hacked.

The results in the central tabulator read: Yes: 7 ; No: 1

This videotaped testing session was witnessed by Black Box Voting investigators Bev Harris and Kathleen Wynne, Florida Fair Elections Coalition Director Susan Pynchon, security expert Dr. Herbert Thompson, and Susan Bernecker, a former candidate for New Orleans city council who videotaped Sequoia-brand touch-screen voting machines in her district recording vote after vote for the wrong candidate.

The Hursti Hack requires a moderate level of inside access. It is, however, accomplished without being given any password and with the same level of access given thousands of poll workers across the USA. [U]It is a particularly dangerous exploit, because it changes votes in a one-step process that will not be detected in any normal canvassing procedure, it requires only a single a credit-card sized memory card, any single individual with access to the memory cards can do it, and it requires only a small piece of equipment which can be purchased off the Internet for a few hundred dollars.

One thousand two hundred locations in the U.S. and Canada use Diebold voting machines. In each of these locations, typically three people have a high level of inside access. Temporary employees also often have brief access to loose memory cards as machines are being prepared for elections. Poll workers sometimes have a very high level of inside access. National elections utilize up to two million poll workers, with hundreds or thousands in a single jurisdiction.

Many locations in the U.S. ask poll workers to take voting machines home with them with the memory cards inside. San Diego County (Calif) sent 713 voting machines/memory cards home with poll workers for its July 26 election, and King County (Wash.) sent over 500 voting machines home with poll workers before its Nov. 8 election.

Memory cards are held in a compartment protected by a small plastic seal. However, these simple seals can be defeated, and Hursti has found evidence that the memory card can be reprogrammed without disturbing the seal by using a telephone modem port on the back of the machine.

The Hursti Hack, referred to as “the mother of all security holes” was first exposed in a formal report on July 4. (http://www.blackboxvoting.org/BBVreport.pdf (http://www.blackboxvoting.org/BBVreport.pdf)).

Diebold has insisted to county and state election officials that despite Hursti’s demonstration, changing votes on its memory cards is impossible. (Public records from Diebold, including threat letter to Ion Sancho:
http://www.bbvforums.org/forums/messages/2197/10535.html (http://www.bbvforums.org/forums/messages/2197/10535.html))

On Oct. 17, 2005 Diebold Elections Systems Research and Development chief Pat Green specifically told the Cuyahoga County (Ohio) board of elections during a $21 million purchasing session that votes cannot be changed using only a memory card.

(Video of Pat Green: http://www.bbvforums.org/forums/messages/2197/14298.html (http://www.bbvforums.org/forums/messages/2197/14298.html)) Over the objections of Cuyahoga County citizens, and relying on the veracity of Diebold’s statements, the board has chosen to purchase the machines.

According to Public Records obtained by Black Box Voting, Diebold has promulgated misrepresentations about both the Hursti Hack and another kind of hack by Dr. Herbert Thompson to secretaries of state, and to as many as 800 state and local elections officials.

This story FINALLY getting picked up by mainstream media ...

County says electronic voting machines can be hacked

USA Today
Dec. 15, 2005

http://www.usatoday.com/news/nation/2005-12-15-opticalvoting_x.htm


TALLAHASSEE, Fla. (AP) — Tests on an optical-scan voting system used around the country showed it is vulnerable to hacking that can change the outcome of races without leaving evidence of fraud, a county election supervisor said.

The voting system maker, Diebold Inc., sent a letter in response that questioned the test results and said the test was "a very foolish and irresponsible act" that may violated licensing agreements.

Company spokesman David Bear did not return a phone call from The Associated Press seeking comment Thursday. Diebold's letter was written by its senior lawyer, Michael Lindroos, and sent to the state of Florida, Leon County and the county election supervisor, Ion Sancho.

Optical-scan machines use paper ballots where voters fill in bubbles to mark their candidates. The ballots are then fed into scanners that record the selections.

In one of the tests conducted for Sancho and the non-profit election-monitoring group BlackBoxVoting.org, the researchers were able to get into the system easily, make the loser the winner and leave without a trace, said Herbert Thompson, who conducted the test.

He also said the machine that tabulates the overall count asked for a user name and password, but didn't require it.

In the other test, the researcher who had hacked into the voting machine's memory card was able to hide votes, make losers out of winners and leave no trace of the changes, said BlackBox founder Bev Harris. The memory card records the votes of one machine, then is taken to a central location where results are totaled.

Sancho criticized the Florida Secretary of State's Office, which approves the voting systems used in the state, for not catching the alleged problems.

A spokeswoman for the secretary of state's office said any faults Sancho found were between him and Diebold.

"If Ion Sancho has security concerns with his system, he needs to discuss them with Diebold," spokeswoman Jenny Nash said.

The Miami Herald reported Thursday that Sancho scraped Leon's Diebold machines this week for a voting system from another manufacturer.

Many Florida counties switched to computer-based elections systems after the 2000 presidential election, when the cardboard punchcard ballots then in use were plagued by incomplete and multiple punches.


Copyright 2005 The Associated Press

The Business of Voting

New York Times
Editorial
December 18, 2005

http://www.nytimes.com/2005/12/18/opinion/18sun2.html


Diebold, the controversial electronic voting machine manufacturer, is coming off a tumultuous week. Its chief executive, Walden O'Dell, resigned. It was hit with a pair of class-action lawsuits charging insider trading and misrepresentation, and a county in Florida concluded that Diebold's voting machines could be hacked. The company should use Mr. O'Dell's departure to reassess its flawed approach to its business. The counting of votes is a public trust. Diebold, whose machines count many votes, has never acted as if it understood this.

Mr. O'Dell made national headlines when he wrote a fund-raising letter before the 2004 election expressing his commitment to help deliver the electoral votes of Ohio - where Diebold is based, and where its machines are used - to President Bush. Under pressure, Diebold barred its top officials from contributing to campaigns. But this month, The Plain Dealer in Cleveland reported that three executives not covered by the ban continued to make contributions to Republican candidates.

Diebold's voting machines have a troubled history. The company was accused of installing improperly certified software, which is illegal, in a 2002 governor's race in Georgia. Across the country, it reached a multimillion-dollar settlement with the California attorney general last year of a lawsuit alleging that it made false claims about the security of its machines. Last week, the top elections officer in Leon County, Fla., which includes Tallahassee, concluded after a test that Diebold machines can be hacked to change vote totals.

Diebold has always insisted that its electronic voting machines are so reliable that there is no need for paper records of votes that can be independently verified. Fortunately, the American people feel otherwise. Nearly half the states - including large ones like California, New York, Illinois and Ohio - now require so-called paper trails.

Paper trails are important, but they are no substitute for voting machine manufacturers of unquestioned integrity. As Diebold enters the post-O'Dell era, it should work to make itself worthy of the important role it now plays in American democracy.


Copyright 2005 (http://www.nytimes.com/ref/membercenter/help/copyright.html) The New York Times Company (http://www.nytco.com/)

Why do Diebold's Touch-Screen Voting Machines Have Built-In Wireless Infrared Data Transfer Ports?

IrDA Protocol Can 'Totally Compromise System' Without Detection,
Warns Federal Voting Standards Website

bradblog.com
Feb. 22, 2006

http://www.bradblog.com/archives/00002458.htm

So far, no state or federal authority -- to our knowledge -- has dealt with this alarming security threat

We hate to pile on... (Or do we?)

But, really, with all the recent discussion (http://www.bradblog.com/archives/00002453.htm) of California Sec. of State Bruce McPherson's mind-blowing about-face re-certification of Diebold -- against state law, we hasten to add -- this may be a good time to point out one small item that we've been meaning to mention for a while.

As Jody Holder's recent comment (http://www.bradblog.com/archives/00002453.htm#11) points out, McPherson's silly "conditions" for re-certification of Diebold in California require a few much-less-than-adequate knee-jerk "safe guards" towards protection of the handling of the hackable memory cards in Diebold's voting machines. (Here's McP's full "Certificate of Conditional Certification" (http://www.votetrustusa.org/pdfs/California_Folder/cert_doc.pdf)).

Never mind, as Holder mentions, that the protective seals to be required are easily peeled away without tearing. Or that such voting machines have been stored in poll workers houses for weeks leading up to an election. More to the point, for the moment, there are ways to manipulate the information on those memory cards even without removing them or breaking the seals. This is more of a concern than ever, since it was recently proven, by the now-infamous Harri Hursti hack (http://www.bradblog.com/archives/00002156.htm) in Leon County, FL, that changing the information on the memory cards can force election results to be flipped...without a trace being left behind.

On that note, here's the little item we've been meaning to point out. It's a photograph from the side of a Diebold AccuVote TSx touch-screen voting machine:

Now we have no idea what that "IrDA" port is meant to be used for with a touch-screen voting machine, but we do know that the IrDA (Infrared Data Association) is an Infrared port used for wireless connection between two devices. We used to have one on the back of our notebook and desktop computers which we used to keep the two systems synched up via wireless data transfers over that Infrared port.

A few election watchdog groups, including some members of the National Institute of Standards and Technology (NIST) who works with the federal authorities on these matters, have issued warnings about the IrDA port and protocols on voting machines. However, little -- if anything -- seems to have been done to mitigate the rather obvious security threat posed, as far as we can tell.

Here's how a page at Microsoft.com (http://www.microsoft.com/whdc/archive/win-irda.mspx), last updated December 4, 2001, explains cable-free Infrafred data transfer on the Microsoft Windows CE operating system (the operating system which happens to be used in Diebold's AccuVote touch-screen voting machines -- like the one pictured above)...

Imagine the following scenario: Two notebook computers are placed beside each other. A computer icon appears on both desktops with the name of the peer computer below it. Open one of the icons to display a folder with the contents of the peer computer's desktop. Drag-and-drop between your desktop and the open folder to move files between the two computers.

Imagine that the only configuration that this application required to be installed or used was the ability for the user to enable or disable it. Imagine that multiple such applications could be running at the same time without interfering with each other.

Imagine that this application could run on 23 million existing notebook computers at a transfer speed of 115Kbps, and on 14 million existing notebook computers at 4MBps. Imagine that all applications, regardless of the speed of the underlying hardware, would work with all other applications at a common fastest speed.

Imagine that the other notebook computer in this example was a digital still camera, a handheld personal computer, a data capture device or a device that supports electronic commerce.

As a bonus, assume that the two computers do not need to be cabled together.

This application is currently possible under Microsoft® Windows® CE and the Windows family of operating systems. The underlying technology is based on inexpensive, widely available short-range infrared transceivers that adhere to the Infrared Data Association (IrDA) standards. IrDA standards (available from the IrDA at http://www.irda.org (http://www.irda.org/)) also enable non-Windows devices to talk to Windows-based applications.

There ya go.

http://www.bradblog.com/Images/DieboldAccuVote_IrDA_PortMap.jpg (http://www.votersunite.org/takeaction/alert102604.htm)

The issue of the IrDA port on touch-screen voting machines hasn't been much discussed as far as we can tell. VotersUnite.org issued an alert (http://www.votersunite.org/takeaction/alert102604.htm) mentioning it, with a photograph (seen above), back on October 26, 2004. The alert warned:

3) A dangerous port on the Diebold touch screen!!

This from TrueVoteMD: Diebold AccuVote TS electronic voting machines have an infrared (IrDA) port installed. This is a remote communication port through which another remote device could communicate with the touch screen and change either its data or its software or both.

If your county uses Diebold touch screens, let your county officials and election judges know that it is crucial to cover the IR port with opaque tape.

The National Institute for Standards and Technology (NIST) -- who works with the federal Election Assistance Commission (EAC) to develop and recommend guidelines for electronic voting machines -- issued a similar warning [PDF] (http://vote.nist.gov/ecposstatements/CommentJohnson.pdf) about the Infrared ports on voting machines in a report which warned "The use of short range optical wireless," like infrared, "particularly on Election Day should not be allowed."

As mentioned, since touch-screen machines have been stored at poll workers' houses and other unsecured locations prior to Election Day, and since data can be transferred to the machines and their memory cards via Infrared -- even without removing the cards or breaking their protective seals -- the IrDA ports would seem to be a tremendous concern.

The NIST report discusses such concerns and some of the troubling security issues with IrDA protocols:

How Secure is IrDA

IrDA does not provide encryption at the Physical Layer, and depends on the end systems to implement security if any.
...
With optical, it is possible for a session to be ‘hijacked’ unless strong authentication measures are implemented between communicating systems. When a session is hijacked, a foreign device masquerades as a trusted system that is authorized to exchange data. Because the system has no way to distinguish the masquerader from the authorized system, it will accept anything from it as if [sic] was authorized.

The undated report -- from the EAC's own standards body, NIST -- then goes on to describe how simple and readily available IrDA software drivers are to obtain for use with UNIX and most Windows Operating Systems, including Windows CE. As well, it points out that such software could add executable code to the machines on, or prior to, Election Day and could then delete itself after ithe code has completed its main purpose [emphasis ours]:

IrDA Software

IrDA software drivers are available form [sic] a number of sources for use with UNIX, Windows and other Operating Systems (OS). Most versions of MS Windows come with support for IrDA already included. This is true of the MS Windows CE operating system as well as Windows XP. Microsoft also provides a free IrDA driver which can be downloaded from it web site. Other suppliers of IrDA systems (e.g., Ericsson) offer their own drivers including source code (Texas Inurnments [sic]).

With the source code available, an interrupt handler (executable code) could easily be added. For example, when the voting terminal receives a special bit configuration (caused by holding down multiple keys concurrently) that is outside the usually accepted range, a special interrupt could be generated invoking a handler that could be programmed to perform any desired function. This would require a small amount of code and could easily be hidden; such code would be difficult to discover.

If such code was installed in the driver, which is considered to be Commercial-Off-The-Shelf (COTS) [even if compiled and installed by the voting system manufacturer] it would not be examined by the ITAs [the federal Independent Testing Authorities].

Code in such a handler could be designed to place the voting terminal in a mode where it downloads and install [sic] an executable module, thus allowing unapproved logic to be added to the voting machine while in use on Election Day. Obviously this executable could perform any function the programmer desired including deleting itself when finished. The only recourse is to disallow communications with the voting terminal during use. It might be augured [sic] that such code could be added the day before Election Day.

Obviously, that last paragraph is very troubling. But also note the section about COTS.

The source code for that "Commercial-Off-The-Shelf" software is what Diebold recently argued that they couldn't provide to North Carolina after they changed their law to require all voting machine vendors to submit such code in order to receive state certification. Diebold went to state court (http://www.bradblog.com/archives/00002039.htm) arguing they shouldn't be forced to supply the source code for COTS software. Eventually, they lost that battle, and notified (http://www.bradblog.com/archives/00002190.htm) North Carolina they preferred to pull out of the state entirely (if the state wouldn't change the law for them) rather than complying with the state law requiring the submission of all such source code.

And another comment posted to NIST's voting website [PDF] (http://vote.nist.gov/comment_james_johnson.pdf) by James C. Johnson on October 5, 2005, also discusses the concern, revealing that the use of the IrDA protocols could be used at any time, even after final "Logic and Accuracy" tests have been performed, and thus "totally compromising the system":

In Diebold System's AccuVote TS systems these ports are supported using Microsoft's Windows CE with Winsock. This makes the application interface easy to program to, and all required drivers are already installed in the OS.

It is interesting that the VVSG [Voluntary Voting System Guidelines] currently under development, while mentioning this technology does nothing to restrict or prevent its use, not even on Election Day.

It is understandable that communications technology be used for pre election preparation, but is totally irresponsible and inexcusable to allow it to be used during an election. The presence of this technology makes it possible to upload to the voting system anything that is desired after the final "Logic and Accuracy" test have been performed, thus totally compromising the system.

Perhaps some of you have additional thoughts on this matter. Like why such a port would be needed, or even present, on a touch-screen voting machine [I]at all. And why the existence of such a port -- to our knowledge -- has hardly been discussed at all in conjuction with these machines. Especially in light of the now-infamous Leon County, FL "hack test" (http://www.bradblog.com/archives/00002156.htm) proving that executable code can be added to Diebold's memory cards resulting in a completely flipped election...as we've said...without a trace being left behind.

/me packs my programmable IR remote.


I'm a' goin' Votin'!

I've been watching this story closely for a few years now through the Black Box Voting website and I was so glad to see your postings here.
People just don't get it. I've tried to convince people, but this is not a saga that condenses into talking points and I usually get blank stares. ANYONE who actually reads this stuff and spends enough time examining the details will see that there is a BIG PROBLEM HERE. I literally feel like I am in the twilight zone some times when I follow these stories and then look up to see the rest of the country going about its business.

Is there anybody out there..........NOPE. nobody........

oh dear God, help us in November.

I agree. Why this doesn't make the news and doesn't outrage the electorate is beyond me. Yet everyone knows about the baby on Britney Spears' lap.