Slashdot Mirror

1. Emery County is majority Republican in both population and voting.
2. Bruce Funk was not skeptical of the machines until after inspecting them.
3. He was, however, a bit worried that the state expected local officials to be responsible for all problems, but mandated the use of these machines.
4. He then noticed that supposedly identical & pristine machines had widely differing amounts of free memory.
5. Rather than go to the state or to Diebold, he called Black Box Voting.
6. It's really doubtful that (as Diebold claims) font differences could eat up 20MB.

Yes, what could possibly go wrong with computer voting? http://www.bbvforums.org/forums/messages/8/114.htm l Your example is ridiculous. The problem with computer voting using a closed-source voting software program whose data is easily manipulated without leaving any trace is that anyone can more easily alter votes without detection. The fact that it rained on some SAT scores is irrelevant because it doesn't address the issue of manipulating votes. Surely you understand that someone can easily change the outcome of an election by changing a massive number of votes without leaving a trace? Sure, accidents happen, but adding this unprotected, unaudited code in the mix makes manipulating votes easier, not harder, which is troublesome, given Diebold's connections to the Republican party. http://www.democracynow.org/article.pl?sid=03/09/0 4/159216

Some of us at the blackboxvoting.org forums may have discovered a simple system based on the idea of simply displaying OMR-able ballots after they're cast and letting all parties do a quick independent count...can also be used for reasonable oversight.

It has the potential for being as fast as DRE's but as trustable as paper ballots and cheaper than both.

We just came up with it recently and we're working out the details.

We could use some fresh feedback. I'm thinking of calling it "Open Counting"

http://www.bbvforums.org/forums/messages/9707/1777 9.html?1141327589

Sorry, I heard about this slashdot story late

peace 2 u,
-anwar

Had he contacted any one of a dozen agencies to handle the complaint, he'd be in no legal trouble.

And we would be adding one more to the growing list of investigations that are getting us nowhere. This needs to be out in the open. It needs to be in mainstream media.

The public has to understand that when they use a Diebold machine, they're not necessarily getting the vote they think they are.

You be welcoming me to Bizzarro World!!!

They point at the original data here:

http://www.bbvforums.org/forums/messages/2197/6628 .html

That's approximately 65,000*40==2,600,000 records, most of which are vote records, but which also contain error indications. Unfortunately, becuase these are computers, that doesn't at all mean that there are 70,000 miscounted votes. Even *one* unexplained event is enough to call a machine's tally into doubt. No? What about this event:

deltree /Y C:\

It's interesting that all the evidence is presented from one site and not corroborated anywhere outside the domain of bbvforums.org. In fact, the only links presented on the article's link are articles saying the claims are groundless.

It's interesting that all the evidence is presented from one site and not corroborated anywhere outside the domain of bbvforums.org. In fact, the only links presented on the article's link are articles saying the claims are groundless.

What's really amazing/frightening to me is how long it has taken for the mainstream media to pick this up. The tests done by Harri Hursti for Leon County were conducted and reported back on December 13th, 2005! The Post waited until a slow news day over a month later to report on it. Since then, there's been a whole slew of additional activity on the voting machines front. For more details, see the original blackboxvoting.org article.

--Paul

Disclaimers: I have been working with the good folks at TrueVoteMD.org to get the d*mned things banned in Maryland, my home state; I'm also a plaintiff in a lawsuit in Maryland that seeks to force the Maryland State Board of Elections to follow exsting state law and get rid of them.

Please see:
http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/15583.html

And search for "properties".

To quote the latest article on the Black Box Voting site (and then some background below that):

---
http://www.bbvforums.org/forums/messages/1954/1559 5.html?1134523376

Due to security design issues and contractual non-performance, Leon County (Florida) supervisor of elections Ion Sancho told Black Box Voting that he will never use Diebold in an election again. He has requested funds to replace the Diebold system from the county. He will issue a formal announcement to this effect shortly.

Finnish security expert Harri Hursti proved that Diebold lied to Secretaries of State across the nation when Diebold claimed votes could not be changed on the memory card.

A test election was run in Leon County today with a total of eight ballots - six ballots voted "no" on a ballot question as to whether Diebold voting machines can be hacked or not. Two ballots, cast by Dr. Herbert Thomson and by Harri Hursti voted "yes" indicating a belief that the Diebold machines could be hacked.

At the beginning of the test election the memory card programmed by Harri Hursti was inserted into an Optical Scan Diebold voting machine. A "zero report" was run indicating zero votes on the memory card. In fact, however, Hursti had pre-loaded the memory card with plus and minus votes.

The eight ballots were run through the optical scan machine. The standard Diebold-supplied "ender card" was run through as is normal procedure ending the election. A results tape was run from the voting machine.

Correct results should have been:

Yes:2 No:6

However the results tape read:

Yes:7 No:1

The results were then uploaded from the optical scan voting machine into the GEMS central tabulator. The central tabulator is the "mothership" that pulls in all votes from voting machines. The results in the central tabulator read:

Yes:7 No:1

This proves that the votes themselves were changed in a one-step process that would not be detected in any normal canvassing procedure - using only a credit-card sized memory card.

Diebold Elections Systems head of research and development Pat Green specifically told the Cuyahoga County board of elections that votes could not be changed on the memory card.

According to Public Records responses obtained by Black Box Voting in response to our requests shows that Diebold promulgated this misrepresentation to as many as 800 state and local elections officials.

In other news, according to Bradblog a stockholder suit was filed today against Diebold by the law offices of Scott and Scott:

http://www.bradblog.com/archives/00002153.htm

Permission to reprint granted with link to http://blackboxvoting.org/
---

Jim again. Let me fill you in on the background.

Six months ago Leon County elections administrator Ion Sancho asked us (Black Box Voting) to "test hack" his Diebold optical scan system. We brought Finnish security expert Harri Hursti and Dr. Hugh Thomson from Florida along.

Dr. Thomson proved that the central tabulator's database (in MS-Access of all things) can be hacked without a retail copy of MS-Access present. He used Visual Basic to control the MS Jet database engine directly, using very small script files...small enough to be typed in via MS-Windows Notepad at the tabulator console. We already knew the MS-Access database was tamper-friendly but this was real-world proof that you didn't need to bring in and load a copy of Access to tamper. The same things can almost certainly be done in Java and probably other ways as well.

Harri Hursti pulled off something new.

The report co-written with Bev Harris proved it's possible to doctor the poll tapes. These are the end-of-day printouts showing the number of votes for each candidate or issue taken in on that machine. It's basically

http://www.bbvforums.org/forums/messages/1954/1303 7.html

"New information obtained by Black Box Voting investigator Jim March shows that mail-in votes in upcoming Nov. 8 elections will lack crucial safeguards. The Diebold "GEMS defect" -- the ability for anyone with access to change vote results on the "mother ship" that tallies and controls election results -- has now been acknowledged by Diebold, but has not been mitigated in most locations, and it is worse for mail-in votes. The GEMS defect has been proven. The risks are significant. Mail-in votes are at exceptional risk because they are counted on a system that lacks protective features found on polling place machines. While the precinct-based optical scan machines made by Diebold produce a results tape, the same machines, when counting mail-in ballots, use a different program and do not store vote tallies on a memory card, nor do they produce an independent results tape. Therefore the defective GEMS program holds the only record for absentee vote totals. "

Hey Black Box dudes - why aren't the mail-in ballots themselves a pretty good paper trail for themselves!?!?

I noticed the first article says that "California officials have agreed to let a computer expert attempt to hack into Diebold machines to examine how secure they are."

That's false. California in no way, shape, or form 'agreed' to anything. BBV required them to comply with their own laws. "Agreed" makes it sound like they had an option.

California is required by law to allow registered political parties to inspect the machines used for voting.

The Libertarian party hired the Black Box Voting group for a dollar to 'hack' the machines on their behalf after Black Box Voting filed a request under "California Election Code 19202, which governs ... voting machine testing."

Basically the law allows for a political party to request replication of previous testing by their own experts.
More detail here: http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/14331.html

"Under pressure to comply with State Law, Diebold comes up with great excuse".

There is no way they will meet the law, because once it becomes apparent that the software has holes that allow vote manipulation, the remaining states will do the same.

Of course, the darkside is still trying to keep the public in the dark, at least in California.

Here's the rules that BlackBoxVoting must meet.

California protocols sent to Black Box Voting when they invited us to do the test Nov. 30:

- The media cannot attend
- The public cannot attend
- The number of people we can bring is so small that we cannot bring our attorney or a court reporter
- We cannot videotape, record, or keep explicit notes on it
- We cannot retain our own work product
- We cannot tell anyone what happened in the test

I don't fault Diebold for being reluctant to move forward given the language of the statute.

It seems to be clear that the intent was to have the actual source code and not just a copy of the software. Also, it isn't at all clear if that means the underlying platform or just the voting application on top of it, but why take a chance. And really, what would be the point of having access to half of the software stack?

Either the state of North Carolina really doesn't want a windows based voting solution or they are accidentally sending the message that "no closed source solutions need apply".

In either case poor, misunderstood Diebold may have to take their ball and go home. I think we can all agree that given their track record, this is a good thing.

Black Box Voting is complaining that there is no paper trail for the counting of mail-in paper ballots.

http://www.bbvforums.org/forums/messages/1954/1303 7.html

"New information obtained by Black Box Voting investigator Jim March shows that mail-in votes in upcoming Nov. 8 elections will lack crucial safeguards. The Diebold "GEMS defect" -- the ability for anyone with access to change vote results on the "mother ship" that tallies and controls election results -- has now been acknowledged by Diebold, but has not been mitigated in most locations, and it is worse for mail-in votes. The GEMS defect has been proven. The risks are significant. Mail-in votes are at exceptional risk because they are counted on a system that lacks protective features found on polling place machines. While the precinct-based optical scan machines made by Diebold produce a results tape, the same machines, when counting mail-in ballots, use a different program and do not store vote tallies on a memory card, nor do they produce an independent results tape. Therefore the defective GEMS program holds the only record for absentee vote totals. "

Hey Black Box dudes - why aren't the mail-in ballots themselves a pretty good paper trail for themselves!?!?

Let's make a few points clear here.

1) The Libertarian connection happened as a result of California Election Code 15004, which reads:

---
The county central committee of each qualified political party may employ, and may have present at the central counting place or places, not more than two qualified data processing specialists or engineers to check and review the preparation and operation of the tabulating devices, their programming and testing, and have the specialists or engineers in attendance at any or all phases of the election.
---

So we (Black Box Voting) approached the California Libertarian Party to team up and do up-close inspections of these voting machines, or at least explore what's possible under 15004. They hired us at a buck a day. The main result: we ended up with listings of installed software and drivers that make it obvious Diebold wasn't obeying a court order to shut down networking drivers that weren't necessary. We've complained to the California AG's office about this and Diebold's cross-connection of the San Diego central tabulator box to the Internet (also banned by both the same court order and state regulation). More details at:

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/14325.html

This upcoming "test hack" at the California Secretary of State's office is another matter entirely.

This all started when we (Black Box Voting) hired Finnish security consultant Harri Hursti to help out in a "test hack" in Leon County FL where the county elections official (Ion Sancho) was worried about all this "Diebold" controversy.

What Hursti found was pretty wild. In short: before the election, all the precinct memory cards are prepped from the central vote count box with the ballot and candidate data...normal enough. But the cards are also prepped with interpreted BASIC code loaded into all the memory cards to control the output of the summary counter printer at each precinct. Worse, if you mess around with that code loaded first at the central tabulator, you can make that end-of-day-printout read whatever you want...put in a vote-skimming routine, false numbers, whatever. Nothing in the system at the central or precinct ends checks for hashes or whatever to see if the BASIC code is legit. Said code can be date/time sensitive so that the machines will still pass Logic&Accuracy testing before or after the election. With the paper trail at the precinct dickered with, you can use the other major hack available - altering the central database of votes to match the precinct report paper. Not hard - the central database of votes is written in MS-Access so either load a commercial copy of Access and tweak by hand, or load/type a Visual Basic script to monkey with the JET database engine (the "Access back end") on autopilot.

Net result: one thoroughly "pwned" election.

The full report:

http://www.blackboxvoting.org/BBVreport.pdf

Since then, *nobody* has tried to duplicate the Hursti results. If they're true, Diebold would have to do a nationwide recall and the Federally approved testing labs (Ciber Inc. in Huntsville AL and a division of Wyle also in Huntsville) would need a visit by people with badges, guns and search warrants.

After the preliminary report on the Leon County hack was released but before the final report linked above, Bev Harris and I formally asked the California Secretary of State's office to check out the issues Hursti found, under yet another obscure clause of the California elections code, 19202:

---
Any person or corporation owning or being interested in any voting system or part of a voting system may apply to the Secretary of State to examine it and report on its accuracy and efficiency to fulfill its purpose. The Secretary of State shall complete his or her examination without undue delay

To put this in context, the California Secretary of State did not originate the idea and suddenly decide to invite us to a test.

Black Box Voting formally issued a request for replication of the Hursti findings under California Election Code 19202.

http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073

http://www.bbvforums.org/forums/messages/1954/8568 .html?1122664155

The good news is, it was only 18 hours. Still sucked :). And coming up with $10k in bail was a pain.

But the DA's office dropped all charges:

http://www.bbvforums.org/forums/messages/1954/9425 .html?1124737282 ...and I've taken the first step in suing 'em:

http://www.equalccw.com/claimforcivildamagesnet.pd f

http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073

http://www.bbvforums.org/forums/messages/1954/8568 .html?1122664155

The good news is, it was only 18 hours. Still sucked :). And coming up with $10k in bail was a pain.

But the DA's office dropped all charges:

http://www.bbvforums.org/forums/messages/1954/9425 .html?1124737282 ...and I've taken the first step in suing 'em:

http://www.equalccw.com/claimforcivildamagesnet.pd f

http://www.bbvforums.org/forums/messages/1954/8556 .html?1122679073

http://www.bbvforums.org/forums/messages/1954/8568 .html?1122664155

The good news is, it was only 18 hours. Still sucked :). And coming up with $10k in bail was a pain.

But the DA's office dropped all charges:

http://www.bbvforums.org/forums/messages/1954/9425 .html?1124737282 ...and I've taken the first step in suing 'em:

http://www.equalccw.com/claimforcivildamagesnet.pd f

Perhaps working with reports from field investigators, concerning problems with Diebold would be a better use of electrons than fobbing off mere assertion as accepted fact.

We could start with this report on the Florida elections and indications of startling Diebold inadequacies and problems, with field-based documentation:
Florida FEC Report (PDF Format)

There are plenty of documents on Diebold any citizen interested in fair, open and free elections would find worth reviewing. More can be found here:
Original Diebold Memos -- FULL SET

It would seem when real sunshine is put on Diebold adn the states using their machiens, it's not all that pretty a sight. Getting the paper trail, the electronic audit trails, and the ability to fully observe (within the state laws governing this) the election processing seem essential to preserving the integrity of our elections.

It is important to differentiate between vote fraud, voter fraud and voter disenfranchisement. Vote fraud occurs during the actual counting and/or certification stages and is what election officials can go to jail for doing. Voter fraud occurs at the polls by individual voters, although they may linked in a social group, and the individual voters could go to jail for this. Disenfranchisement occurs between the intended voter and the polls, cutting off a percentage of the eligible electorate from having their chance to be counted in the voting. The issues with the Diebold machines are mostly vote fraud.

Disenfranchisement might be alledged when insufficient machines are assigned to a polling place with a higher percentage of the opposition party and an overage of machines assigned to polling places where the party in power is favored. This in an of itself is not a Diebold problem. It's state election board problem. Now if what happens is lots of malfunctioning machines appear in the opposition polling place while working ones appear in the polling place where the incumbant is favored, and Diebold had certified all the systems as ready for deployment, then we have to ask what Diebold's involvement and interests were.

Certainly corruption and misreporting on a massive scale can be avoided entirely by "backing up" an electronic process with a paper trail - because paper based voting systems are infallible!

Just ask anyone from Florida.

At least paper ballots never return a negative number.

Paper ballots are necessary, because we have generations of techniques, technology, and sensibilities for finding evidence of fraud in their post-election condition. But, of course, we also have generations of ways to defraud voters with them as props.

For example, Washington and Florida states each have recent laws to prevent paper ballot recounts from interfering with a successful fraud. And remember that "hanging chads", and Florida's destruction of confidence in presidential ballots, are made of paper. Our Florida lab also produced 2004 "optical scan" results often reversing Democratic county registration rates in favor of Bush, while (hardcopyless) touchscreens tracked with registration and exit poll numbers.

Paper is a link in a chain. Paper ballots might not be the weak link, but they have their own weaknesses, some as old as fire.