Slashdot Mirror

Certificates it's what's not for dinner. Especially on my rack
XP graduates to cloned, offline built, air-gap-ed-hood
7 graduates to cyber nanny infested, wrongful accused, business killing, ad network for anyone left with money much longer
NETBSD and LINUX users scratch their heads or asses wondering if consequences mean restrictions on data, speed, ports, commerce, content

Certificates as an idea, vision, and framework is another fiat terrorism (TM) "DHS/TSA" for small business, journalists, media, artists, bands, or people who just want to have a server and host things non profit.

The heck with working on the predictable tcp packet sequence problem
or ipv4 or ipv6 or ipv4/6(mix em and matchem) firewalling right?

You break a big rule in my book, you've make it not fun to be here.

You've made your "problem" into something which could quite literally backfire on everyone, including you and do even worse damage to the economy if it be maliciously foisted on an already hurting, paranoid from legal abuse, bankster, mortgage, bailiout, theft and vague false flag laws, unacceptable unconstitutional tos/aup and spied(1) on rotting unless part of the mix of Orwell 1984 + sky net infrastructure with rapidly worse choices of points of entry. You've also threatened everyone with "consequences" , do you think we are all your slaves. Are you really that insolent. Your likely one of those idiots who don't understand chain of custody and public oversight is the problem with internet voting, not which crypto is best(2). You probably think NFLX should be able to foist it's bandwidth problem on everyone else. But like crypto since the mid 90's not much have changed with all that dark fiber and this retarded-ness we call communications ran by a public hating fcc board who our financial and sometimes very physical life depends on. We are called customer, not US citizen(3). Everything is broken you better wake up. It's past time to start nipping these fascist framework visions in the bud.(4)

1. cryptome.org - Online Spying Guides
2. blackboxvoting.org - (USA) 1/11 - TOWARDS A MORE EFFECTIVE APPROACH TO FIGHTING INTERNET VOTING - by BEV HARRIS
3. I am Not a US Customer, I am a US Citizen

4. The Ben Burnank, Bill Gates, BLS, Corruption, CPI, Credit Crisis, Crude Oil, Federal Reserve, Fractional Reserve Banking, Hyperinflation, Meltdown, National Debt, Quantitative Easing, Recession, recovery, Reserve Currency, Unemployment, World Bank, The Sheeple

Would that have been Leon County? Volusia County? Broward? Sarasota?

Perhaps Palm Beach?

Hope I haven't burst your bubble, but there sure is a lot of fraud going on in Florida. Much more than I thought when I started this post...

Would that have been Leon County? Volusia County? Broward? Sarasota?

Perhaps Palm Beach?

Hope I haven't burst your bubble, but there sure is a lot of fraud going on in Florida. Much more than I thought when I started this post...

Would that have been Leon County? Volusia County? Broward? Sarasota?

Perhaps Palm Beach?

Hope I haven't burst your bubble, but there sure is a lot of fraud going on in Florida. Much more than I thought when I started this post...

Would that have been Leon County? Volusia County? Broward? Sarasota?

Perhaps Palm Beach?

Hope I haven't burst your bubble, but there sure is a lot of fraud going on in Florida. Much more than I thought when I started this post...

Would that have been Leon County? Volusia County? Broward? Sarasota?

Perhaps Palm Beach?

Hope I haven't burst your bubble, but there sure is a lot of fraud going on in Florida. Much more than I thought when I started this post...

http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/8/80622.html

Some have even been booted out of the process for poor performance, most recently when NIST (National Institute of Science and Technology) started looking at them. Systest was just kicked out, see this story and links from there for details:

http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/79428.html

Cyber was so bad, you could jam a cheap pocket calculator halfway into a banana, pay 'em enough money and they'd have declared it "an acceptable election technology" or somedamnthing.

This is the same GEMS that uses Access as a backend, is it not? Does this kind of thing really surprise anyone anymore?

"Such a feat should be possible soon"

One top scientist was quoted as saying, "It's so easy a caveman could do it".

That sounds a lot like the demo a while back that changing the contents of files in some computerized voting machines was so simple that a chimp can do it. (Actually, I googled for "chimp voting machine", and the first hit was at foxnews.com, of all places. And there were about 133,000 hits, which seem to be mostly about this fun story. ;-)

Of course, cloning a mammal is a lot more difficult than changing a file inside a computer. But I'd also note that whoever that "top scientist" was, he probably has cavemen as ancestors. And there are, technically speaking, a lot of "cavemen" in the world today. I had some friends in high school who liked to tell people that they lived in a cave. Their house was built against, and partly inside, a steep hillside. It faced south, and had mostly glass on the south side. It was one room deep and three rooms (stories) tall, i.e., a house sorta built on its side. It was a very nice house, and was cheap to heat and cool.

link

BlackBoxVoting.org published an announcement that voting machine vendors are now hiring more support techs, asking people with skills who want to protect democracy from broken voting systems to get paid to do it:

On Sun, 8/24/08, Black Box Voting wrote: From: Black Box Voting
Subject: From BBV: Patriotic Techs - Please apply for voting machine tech temp jobs

Widest possible distribution needed. Please do spread this in blogs, etc:

This post will no doubt produce howls of objection for the vendors that read it. Black Box Voting is encouraging all individuals with a technical background to search and apply for temporary tech ELECTION SUPPORT jobs for the November 2008 election. Hiring is underway for temporary technicians to help with voting machines this fall.

Vendor dependence is undermining the structure of US elections, as described here in the new report by VotersUnite.org:
http://www.votersunite.org/info/ReclaimElections.pdf

We want to see You, the People, enter into the vendor mix directly HOW TO FIND TEMPORARY ELECTION TECH POSITIONS:
In a presidential election year, voting machine vendors will hire and trainthousands of technicians staffed around the country. For example, anywhere that Election Systems & Software has a machine, they are under contract to provide an on-site support tech. Hart Intercivic, Premier (Diebold), and Sequoia also use Election Day support technicians.

Temporary election tech support jobs have been spotted on hotjobs.com, rollouts.com, and local tech temp firms like (in 2006) DecisionOne. The tech services firm may be a subcontractor for the big four voting machine companies.

Sometimes you'll find the positions advertised by your local county. Sites like Rollouts.com have you register in their E-tech database. They search for techs based on skill set and area. There isn't much in the way of a skill set needed for the election projects.

QUIETLY APPLY FOR THE JOBS Anyone with tech skills interested in safeguarding the November election is encouraged to regisster at technical recruiting sites and apply for any election-related projects.

CONSIDER ASKING FOR TIME OFF ON YOUR FULL TIME JOB TO DO THIS. This November, there may be no better way to watch the behind-the-scenes process than to be a stagehand, so to speak. It is not the vendor, and not the government, that has the right to elections information, it is the PUBLIC.

Citizens have inalienable rights to sovereignty over the government they created and pay for. These rights cannot be honored without mechanisms to see all information related to elections, and ultimately, to have control processes that honor citizen sovereignty. That said, it ain't gonna happen this November. Therefore it is entirely appropriate, patriotic, and important, for citizens to apply for temporary positions as voting machine technicians to provide inside public oversight for the process. There will be nondisclosure agreements, which are not appropriate at all for public elections, but it's a reality now that vendors are trespassing on citizen right to know. There may be issues that arise which the public clearly has a right to know. When that happens, a decision must be made.

YOU WON'T BE THE FIRST We have already been in communications with other patriotic volunteers who have successfully obtained these positions in the past, and are doing this for November. THERE ARE ALWAYS WAYS TO DEAL WITH IMPORTANT ISSUES IF THEY ENDANGER THE PUBLIC GOOD. You, the People, are needed on the inside of the elections industry this November. This is a public service bulletin from Black Box Voting. Black Box Voting Tool Kit 2008 - free download here: http://www.blackboxvoting.org/toolkit2008.pdf Empower more election watchdog actions:

What you say should be correct, but it seems that some people, especially in Florida, seem to think that voting machines need a cellular internet connection.

Unless Sprint has support for encryption, VLANs, and a whole lot of security, the machines seem to be connected directly to the internet.

It could be possible to sniff the data as it is being sent over the Sprint Aircard.

For the Optical Scan wacko inside you.

http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/73/71732.html

Is this thread done.

Stick a fork in it?

The Pro-Electronics wackos going to lob more shit on or do I need to debunk every fucking thread?

I don't think Republicans can learn anything new about stealing elections.

But for everyone else, BlackBoxVoting.org has just published a new toolkit for spotting rigged elections as they happen, and in evaluating their aftermath.

BBV.o is run by Bev Harris, who can be difficult to work with, but her entire operation is an "open source" style project that hands out tools and info to anyone who wants to DIY. Try it at home!

replying to my own post. I found some analysis that I had seen before about Sequoia e-voting machines used in the 2004 presidential race in Palm Beach County (FL). When I first saw this data I was astounded at what their analysis showed. Assuming that BBV is a fair and honest non-profit (after all you should be suspicious of everyones motives when dealing with things like this) what they found is horrifying. http://www.bbvforums.org/forums/messages/1954/19421.html?1141918235

Here is one of the more incredible accounts.

I guess maybe punchscan has it right...

When your security procedures are this lax, anything can happen.

These things happen in primaries. Often a lot of independents swing the same way, or last-minute campaigning changes people's minds.

This is true, but it still doesn't explain the discrepancy between the Obama vote in Diebold districts vs hand counted districts. See for yourself.

The Ron Paul situation was inexcusable as well. How does someone receive 31 votes in a small town, but get called in to state headquarters as 0? This indicates one of three things:

1. Whoever was calling in was horribly incompetent.

2. Whoever was calling in was paid off to throw the numbers.

3. Whoever was calling in was personally biased, and decided to ignore the 0.

I tend to think it was #1 or maybe #3, because putting down a 0 would be downright retarded if you're trying to rig an election. Had the number for Paul been 10 rather than 31, nobody would have known. It just became obvious when one Ron Paul supporter said "Hey, I'm from that town and I voted!".

This sort of thing can't happen in elections.

Even if our elections are not being fixed one way or another, the fact that they can be fixed should convince us to change (god I'm sick of the word change...).

Since this is News for Nerds, does anyone have good ideas for a computer based voting system that allows people to keep the anonymity of their vote while still providing proof the vote wasn't fixed?

NH (and most of the rest of New England) doesn't seem to mind about its own digital voting being in unaccountable private hands, as it wields its totally disproportionate influence on the voting of the entire country.

I encourage you to call your local elections office and ask to become a poll worker. You'll learn more in a day working an election than you can read online in a year.

The "second chance" feature of my county's Diebold AccuVote OS (optical scanner) units is covered in our poll worker guides. Alas, I can't find an online link for that guide.

Black Box Voting's doc cache has a copy of the AccuVote OS manual online. I just did a quick scan. The ballot rejection feature is mentioned on page 35. Here's the entry.

I'm reasonably certain that all the other vendor's precinct-based optical scanners would have the same functionality.

Note that disabling this feature is a very, very bad idea. Part of how Florida 2000 was gamed was turning off the second chance feature in heavily Democratic areas. So if the ballot had an error, the machine just accepted the ballot and didn't count the votes. (Florida isn't a "voter intent" state. I don't know all their rules. But I think it's an all or nothing system. So any error on the ballot invalidates all the votes.) Meanwhile, the second chance feature was left on in heavily Republican areas. This is one of the reasons why different jurisdictions had different rates of undervoting and rejected ballots.

If you're really curious, email me at zappini gmail com and when I find my electronic copy of our poll worker guide, I'll send it to you.

Just scanned the replies (3 or higher, nested). Lots of uncritical praise, very little skepticism. If everyone here can take a breather from the mutual admiration and basking in the collective wisdom, as it were, I'd like to set everyone here straight.

First, and please remember this, the ideal is private voting and public counting. Aka "The Australian Ballot".

Computerized voting machines are fatally flawed. Unredeemable. There is no way to have a fully electronic system which protects the secret ballot as well as ensures the public vote count. Can't be done. Cannot. Be. Done. Period. Despite what all the electronic voting enthusiasts tell you. (I'm looking at you, Avi Rubin.) If you don't understand this, then please stop kibitzing, figure out how our voting systems should work (historically) and get up to speed. Thank you.

Second, this bill relies on "auditing" to ensure the integrity of our elections.

That never works. You cannot test your way to quality. Any one working software knows this. If you're in software and don't, please stop pretending and resign your job.

Additionally, by the time the mistake happens in an election, it's already too late. Too late. Because there's no recourse.

Timothy B. Lee, and other electronic voting apologists, like to mischaracterize the opposition of informed and experienced election integrity activists and experts. I can't guess why. My pet theory is unbounded technolophilia. Others suspect darker motives. Who's to say.

Anyone actually concerned about the health of our democracy would do well to read the criticisms of Holt's HR 811. Here's Beware of the Bandwagon -- A concise list of problems with Holt Bill HR 811 and Help Amend HR 811 to prohibit "electronic ballots."

That is all. I'm happy to answer anyone's questions. I'll check back later.

...early in '06. There were only three labs approved to test voting machines, Ciber, Wyle and Systest.

Ciber and Wyle are in Huntsville AL, right next to the Redstone arsenal. They mostly do military gear testing, voting systems are a sideline.

Systest is in Colorado and *might* be the most competent of the bunch. Wyle and Ciber were the two used most by Diebold.

All three labs were invited to testify in California. Ciber was a no-show.

The other two come across as complete loons, Wyle especially. There is a transcript up of the hearings here, plus a link to the original MP3:

http://www.bbvforums.org/forums/messages/2197/Cali fornia-ITA-hearings-27281.pdf

I'm hoping you can provide an example -- anywhere -- where you have had an opportunity to compare the paper against the machine. Of course, they did that in Cleveland, the only place in history I think that has ever actually compared the DRE "voter verifiable paper audit trail" with what the machines said. That cost Cleveland about $350,000.

It didn't match.

I am currently up to my ears in "auditing." First, you can't get the records. Those records you are allowed to look at, you can't do so in a timely manner, generally until after all recount and contest periods have expired. And those records you get to look at generally have information on them that doesn't reconcile. When it doesn't reconcile, you don't get meaningful answers. And there are no consequences for public officials who run mismatched elections, except in the rarest of cases, such as what's happening in Sarasota right now -- but that took citizens groups from 3 counties and a team of lawyers. Sarasota citizens take back their elections

In every election, we are seeing more votes than voters, zero reports that aren't zero, machines that don't match their paper results reports, lost votes, but mostly, we aren't allowed to see. A little-known secret is that even in locations where they have "random x% manual audits" the random is "selected" (you heard me) and the audits frequently don't match. When they don't, there is no expansion of the audit, and indeed, there is not even a disclosure to the public that it didn't match.

If you are persistent enough to find out when the "random" audit will take place, you MIGHT be able to watch, and if you are allowed to watch, you MIGHT be able to actually see anything. It is common for them to put you too far away to view the ballots, just as it is common on Election Night for them to turn the computer screens away from the observer area so that observers get to watch the back of the monitor, not the front.

Theories of how elections should work run into a bumpy ride when you watch first-hand how elections are actually run.

But let's suppose we solve those problems.

With computerized voting, it takes a small wheelbarrow and about 60 days free time to engage in stupefyingly tedious but precise work to audit just one jurisdiction. You've got to check the (Diebold) computerized voter registration system with the (Diebold) electronic pollbook and then look at the (Diebold) voting machine results tapes and then compare them with the (Diebold) central tabulator report. But all those things can be rigged, as we showed in the HBO film "Hacking Democracy." What remains is counting all the paper votes. Not a sample. All of them.

But counting the "VVPAT" is almost a comedy. It's printed on 8-pt type on a roll made of thermal paper that is about 3 inches wide and a few hundred feet long. If you thought staring at chads was bad, you'll croak when you see this. But that's not all.

The chain of custody for the paper trail, which you MIGHT get to see after weeks have passed, is another of life's little mysteries. But let's assume the chain of custody is acceptable. In San Diego, they charge a dollar a vote to look at the ballots. To look at just 11 precincts (out of over 500) citizens were hit with an unitemized bill for over $8000. At least they could look -- in Marin County, the race was dictated by the absentee ballots, and citizens were told that it is not possible to sort the absentees for just their candidate, so they'd have the choice of paying for looking at ALL of them or paying an even bigger fee to have them sorted.

But that's in the more voter-friendly locations. In Nebraska, a losing candidate for senate tried to purchase a hand recount. "There is no provision in the law" he was told, and I have that letter from the Nebraska Secretary of State, "for you to count the ballots by hand." They must go through the machine again.

Again, why are we doing this?

A bill has been intr

According to blackboxvoting.org's forums, some places send the machines home with the poll workers with the cards installed and protected by a plastic seal. Blackbox also shows how to remove the card without breaking the seal.
http://www.bbvforums.org/forums/messages/1954/3651 0.html?1158778859

1. do you agree with this assesment (that absentee votes are more suseptable to fraud),
2. and what recommendation(s) would you make to decrease the potential risk of absentee fraud?

I know I'm only supposed to ask one...but geesh...

First, I haven't seen the documentary. Saw it was on last night but didn't have the time to watch. I'll watch it on HBO On Demand this weekend.

Second, when I read things like manual overrides allow unlimited voting and votes automatically switched it scares the crap out of me. Why are politicians and elected officials sticking up for this garbage more often than not?

Third, what's so wrong about paper? Why is the government so gung ho over mediocre to outright horrible electronic voting equipment over paper ballots? And what's so bad about receipts?

And finally, do you think the government will ever mandate that the hardware and software of electronic voting equipment must be published for citizen review? If not, how can anybody actually trust this equipment?

And yet, the errors *always* seem to favor the republicans...

When you look at the following factors:

• The ownership of Diebold and other major electronic voting systems by republican fundraisers
• The massive amount of scandal (racketeering, etc...) on the part of the republicans
• The as of yet unexplained discrepancies between exit polling and results in 2004 (BTW, the given explanation that exit polls are always wrong was addressed as being incorrect by a researcher for the Pew Charitable Trusts on NPR last week).
• The refusal of electronic voting companies to open source their code that programmers *not* on their payroll can review the code. (For that matter, why not compile it in a secure environment having democratic, republican, green, and progressive programmers sign off on it, and then distribute the binary using an MD5, or other, checksum?)
• The known documented problems with numerous electronic voting machines (see: here for a summary of links to external news sources).

it seems like a problem is more likely than not.

In fact, it's a little disconcerting that people can shout "conspiracy theory" in order to squash any debate about the problems with our voting system.

Now, on the flip side, Sequoia Systems was recently bought by three Venezuelan businessmen. This could be problematic because of the foreign influence, but as of yet, nothing shady has happened with Sequoia *since* this business deal. (One could just as easily complain that the US has too much influence in foreign elections that use MS operating systems because they are a US owned company.) So in this case, the jury is out until evidence of foul play exists.

I suggest you read this article and maybe look at the Baxter video that proves that no human could possibly alter the results (so someone trained a monkey to do it).

You don't seem to have registered that the rot is already pretty much at the root of the US system, and that the whole freedom, liberty and democracy idea has been pretty much neutralised by The Almighty Buck.
 
Who are you going to vote for? Well, both sides need to spend an insane amount of $$ to get their candidate in the running, and any amount of $$ wants payback. So bye bye impartial, democratic process. Nice knowing you.

Oh, before I forget - this also influences the quality of 'democracy' that is exported by means of trade embargoes, wars, data sharing 'agreements' (like SWIFT - play or we won't talk to you).
 
And then people wonder why the terrorist problem gets bigger.

I agree that this is perhaps THE most pressing issue right now for Americans, but is it really ethical to distribute this kind of information? At what point do you take responsibility for what you post, and NOT diseminate information that, in the wrong hands, will cause what you are trying to prevent?

The real question is where do we go from here? If you know that American elections are suspect, what do you do next?

The best answer I've got at the moment is to hope that the vote rigging machinery is not that perfect, and that it can only steal a relatively close election. Then there's at least a chance that we can vote the current bastards out, and try to fix the problems working "within the system" as it were. On the congressional level, we can push for the Paper Ballot Act of 2006, and on the state level we can try to elect people to the "Secretary of State" office who will push for sane proceedures.

Note: if you live in California, you've got to vote for Debra Bowen for Secretary of State. History lesson: Democrat was Sos, he disallowed Diebold; Democrat chased out of office, Republican appointee then allows Diebold; now we have a Democratic candidate running for SoS, and strangely enough she understands the importances of paper trails for election integrity.

Dont tell anyone - but US democracy is dead. If the Americans are told, they get mad at you.

In any case: the American Democratic-Republic is certainly in bad shape -- it may be in the worst shape it's ever been -- but it's not clear to me that it's dead. It is possible, for example, that the Republican vote-rigging system can shave 5 points, but might have trouble shaving ten: with a big enough upwelling of disgust, with enough people voting against them, you just might see not only the House, but the Senate shift over to Democrat control.

Given that, it then becomes possible to hold actual investigations into some of nasty tricks the Bush regime has been pulling. I wouldn't hold my breath about an actual impeachment, but some nice long hearings grinding people's noses into the crap, we might start seeing some actual improvements.

Things like the Paper Ballot Act might actually become law...

Remember: "Democracy is coming to the USA"

The idea behind the graphic scans (about 200dpi mono will do) is to be able to throw a COMPLETELY different code set at the ballot stack quickly and cheaply. Or more than one additional code set.

The registrar of voters of Humboldt County California came up with a good idea. Please, no pot jokes :). She runs a Diebold setup doing optical scan ballots. Her plan is to spend about $15k on a new scanner, a big commercial monster with it's own integral disk burner, fast, double-sided and with at least a 500-page intake hopper. That's doable.

She wants to take every paper ballot and just feed it through that monster and produce a set of CDs with the output, and put them on the county website as ZIPs or something, or hand out CD copies to anybody.

It's the same idea: let's throw a whole 'nuther code set at the stuff, independent of every line of code to ever come out of Diebold.

Problem is, it doesn't include hashing...but hey, it's a first step.

If you go further and build the whole setup around graphic scans from the get-go, you CAN hash them. You can also burn a serial number onto the CD (or coming soon, HD-DVD, whatever, so long as it's "-R" and not "-RW").

You're envisioning CDs (or other media) that are specially marked *externally*. By marking them "internally" (via data) you can cut as many disks as you want on election night and if two of the same thing happen to get fed into the county's central tabulator software (or anybody else's!) it's easy to write code that says "if you eat serial number "x" once, and then see it again, go ahead and check that it's the same - if it is, report the dupe and don't eat it. If it does NOT match then somebody is up to no good, scream bloody murder and halt while humans sort it out".

And that's another thing: whenever the software encounters a glitch, it should say so AND record it to unalterable media - an audit trail log from hell. Upon each halt, observers representing the public, parties and/or candidates should be given the opportunity to at least view what's up, photograph or otherwise record the errors, get an explanation of what was going on then and what the plan is to recover.

We've seen counties deliberately cover up errors during elections or pre/post election "Logic and Accuracy" tests. In some cases observers were reading bluescreen text when the election officials literally yanked power plugs to blank the screen.

For a real freakshow example of election officials behaving badly (including loading PC Anywhere on the central tabulator and hooking it up to the county intranet with no firewall!) see also my report on Memphis TN:

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/44242.html

Jim March

Exactly right- I can't think of a single more pro-corporation anti-American organization. Corporatism is the new communism- seeking to use the power of the corporate dollar through lobbyists to restrict the free market down to just a few oligarchial players.

The ITAA is for: Replacing all American high-tech workers with H-1b indentured servants, Removing Verifiable voting from American voters, is for guest worker visas to replace American Workers, and is headed by the guy who destroyed Cesar Chaverez's attempt to unionize farm workers back in the 1970s. And we expect a man named GARCIA from this group to be pro-USA enough to head such an important post?

>That's bullshit, and you know it.

Hypothesis: the long parade of blatant security problems in Diebold voting machines is not deliberate.

Analysis: incompetence is common and can explain a lot, and much dishonest activity is to cover up incompetence. Evidence against the idea of simple incompetence is that the company was run by political activists, "[anonymous Diebold whistleblower]Dieb-Throat said that management "felt that if they controlled an election company, they could have great influence over the outcome." "((Credibility open to question). Further, they designed systems without a printer and actively discouraged buyers from adding one by inflating the price of a printer to four figures(http://www.securityfocus.com/news/7665). In California they certified one set of software and deliberately installed something else(Voting Systems Panel meeting ).

This falls short of being probative but is more than enough to rule out "That's bullshit, and you know it".

You mean these seals?

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/36510.html#

Previously ... on Diebold TV:

http://midnightspaghetti.com/newsDiebold.php

http://www.equalccw.com/dieboldtestnotes.html

http://www.votergate.org/

http://www.securityfocus.com/news/7517

http://www.archive.org/details/TheCageBushKerry

The seals can be bypassed easily. Voting officials have had voting box 'sleep-overs' giving plenty of opportunity as well.

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/36510.html

You can hire a hell of a lot of people for what 1 machine costs.

It costs Sarasota Office of Elections an extra million dollars each year to maintain and operate the DREs in years without any major election.

Anyone ever think of that?

What the hell is the big deal about hiring more workers to count ballots cast by hand?

Matter of fact, here is some info for anyone who wants to volunteer to do so as to save the a few bucks of cost for an accurate count.

Please note: Nothing personal intended. This is a very important subject to me.

... until you did the math. Bics are like 2 bucks for a pack of 10. Assuming you had to buy all new ones every year, and assuming every year was a major voter turnout equivalent to a presidential election, and also assuming that one pen would serve only 3 voters, and that 300,000,000 people voted every year(notice how way over the top I'm padding the numbers in favor of the bic theory), you'd need 100,000,000 pens nationwide. That would equal 20,000,000 bucks on a nationwide scale.

The diebold machine purchase for Cuyahoga County Ohio(pop ~1.3 million), would cost 22,000,000 alone(or it would have, but I think the cost will drop a good deal now) source: http://www.bbvforums.org/forums/messages/2197/1427 3.html?1139698724

In reality, according the US census numbers, ~125,000,000 people voted in the last presidential election. You would not need a pen ratio of 1 pen per 3 people, but say you did, you now only need what, 45,000,000 pens(to make the math simple). This now reduces the money involved to 9 million.

To break it down further, the required pen to voter ratio is actually far far lower than that, and then you have the whole problem that the pens can easily be stored and used for several years, with no real ongoing maintenance costs other than purchasing replacements here and there for the ones that die or grow legs.

Couple of points to grant before I'm called on it... Not every county is getting as blatantly ripped off as the above mentioned one. But most of these systems I've read about are multi-million dollar systems. I also didn't factor in cost of printing of paper ballots, but my point wasn't to argue pen and paper was cheaper, only that the money generated by computerized voting machine purchases is far greater than the sales of pens. This is important because it puts a lot of cash into a single source who can then make sure that certain campaigns recieve good financing. Far more cash than if the governments just bought bics.

And I know it sounds like a "conspiracy theory", but IMO, anyone who thinks that money isn't playing a part in all this is living in a dream world. Keep in mind that in most cases it is local and state governments making these purchasing deciscions, which in general fall under far less scrutiny than the federal government.

You know, I wonder if there might be a simple test for these voting machines. Keep the things from being tampered with after the election is done. Then, reset them and have some trustworthy people visible enter a known number of votes for various candidates. If the end result is not akin to the data entered, then somebody has screwed with the machine to make it skew in favour of particular candidate(s).

It's been done, more or less. The reason it can't be done the way you describe is that at least one of the easy ways to tamper with the results is to pre-load the machine with non-zero results (from the link):

A test election was run in Leon County on Tuesday with a total of eight ballots. Six ballots voted "no" on a ballot question as to whether Diebold voting machines can be hacked or not. Two ballots, cast by Dr. Herbert Thompson and by Harri Hursti voted "yes" indicating a belief that the Diebold machines could be hacked.

At the beginning of the test election the memory card programmed by Harri Hursti was inserted into an Optical Scan Diebold voting machine. A "zero report" was run indicating zero votes on the memory card. In fact, however, Hursti had pre-loaded the memory card with plus and minus votes.

The eight ballots were run through the optical scan machine. The standard Diebold-supplied "ender card" was run through as is normal procedure ending the election. A results tape was run from the voting machine.

Correct results should have been: Yes:2 ; No:6

However, just as Hursti had planned, the results tape read: Yes:7 ; No:1

--MarkusQ

The TSx also has an unmarked button hidden in the casing. On the circuit board, this switch is labeled "battery test". The switch is physically similar to many reset buttons, necessitating application of substantial force to press the button, requiring it to be depressed by about 1/5 - 1/6 inch in order to activate the switch. This switch is also software accessible. It is completely accessible for all voters in the standard voting booth configuration. The logic behind the button is unknown, but for an attacker it presents yet another way to interact with the machine, and an exceptionally convenient button switch for an attack designed to be triggered by a voter.

Well, this seems very insecure to me. BBV criticizes the three layer architecture and states that it would be very easy to target it three different ways (at each layer):

- The application can be imagined as written instructions on a paper. If it is possible to replace these instructions, as it indeed seems, then the attacker can do whatever he wishes as long as the instructions are used.

- The operating system is the man reading the instructions. If he can be brainwashed according to the wishes of the attacker, then even correct instructions on the paper solve nothing. The man can decide to selectively do something different than the instructions. New paper instructions come and go, and the attacker can decide which instructions to follow because the operating system itself is under his control.

- The boot loader is the supreme entity that creates the man, the world and everything in it. In addition to creating, the boot loader also defines what is allowed in the world and delegates part of that responsibility to the operating system. If the attacker can replace the boot loader, trying to change the paper instructions or the man reading them does not work. The supreme entity will always have the power to replace the man with his own favorite, or perhaps he just modifies the man's eyes and ears: Every time the man sees yellow, the supreme being makes him think he is seeing brown. The supreme entity can give the man two heads and a secret magic word to trigger switching the heads.

In the world of the Diebold touch-screen voting terminals, all of these attacks look possible.

The instructions (applications and files) can be changed. The man reading the files (Windows CE Operating System and the libraries) can be changed. Or the supreme entity (boot loader) can be changed, giving total control over the operating system and the files even if they are "clean software."

Specific conceptual information is contained in the report, with details and filenames in the high-security version which is being delivered under cryptographic and/or personal signature controls to the EAC, Diebold CEO Tom Swidarski and CERT.

1) Boot loader reflashing
2) Operating system reflashing
3) Selective file replacement

In addition, the casing of the TSx machines lack basic seals and security, and within the casing additional exploitations are found.

The article talks about a "standard tool you can buy at any computer store" and I believe this is referring to a PCMCIA card (what you use in laptops). I guess these are used to boot, upgrade & ready the machines for use. They do not go into detail but I wager that using a PCMCIA card with a USB port on it, you could load your own data from a thumb/pen drive. This would be small and easy to carry in. If you had access to it outside of the voting window, you could potentially use a PCMCIA card that functions as a NIC (probably with RJ45 cable port) to use cross over cable and a laptop for a 'live' attack.

Here's the first part of the report from Black Box Voting. Note that there are several problems that turn up in the inspection of the machines, not just the memory discrepancies.

For those people who are saying that what Bruce Funk and Black Box Voting did violated the agreements with Diebold, however from a different article on the Black Box Voting website:

Bruce Funk, the elected official who has run elections in Emery County for 23 years, noticed a critical shortage in flash memory/storage in seven of his 40 brand new Diebold machines. He arranged for an independent evaluation, a right granted to Utah county officials in the Diebold contract [empasis mine].

I've also heard people say that Black Box Voting should have made a better record of thier activities, ie videotaping the whole thing, to those people, please note this paragraph from yet another article:

The testing was performed for an elections official who noticed anomalies in the county voting machines. It was underwritten, videotaped [emphasis mine] and photographed by Black Box Voting and performed by Harri Hursti and Security Innovation, Inc.

Here's the first part of the report from Black Box Voting. Note that there are several problems that turn up in the inspection of the machines, not just the memory discrepancies.

For those people who are saying that what Bruce Funk and Black Box Voting did violated the agreements with Diebold, however from a different article on the Black Box Voting website:

Bruce Funk, the elected official who has run elections in Emery County for 23 years, noticed a critical shortage in flash memory/storage in seven of his 40 brand new Diebold machines. He arranged for an independent evaluation, a right granted to Utah county officials in the Diebold contract [empasis mine].

I've also heard people say that Black Box Voting should have made a better record of thier activities, ie videotaping the whole thing, to those people, please note this paragraph from yet another article:

The testing was performed for an elections official who noticed anomalies in the county voting machines. It was underwritten, videotaped [emphasis mine] and photographed by Black Box Voting and performed by Harri Hursti and Security Innovation, Inc.

Here's the first part of the report from Black Box Voting. Note that there are several problems that turn up in the inspection of the machines, not just the memory discrepancies.

For those people who are saying that what Bruce Funk and Black Box Voting did violated the agreements with Diebold, however from a different article on the Black Box Voting website:

Bruce Funk, the elected official who has run elections in Emery County for 23 years, noticed a critical shortage in flash memory/storage in seven of his 40 brand new Diebold machines. He arranged for an independent evaluation, a right granted to Utah county officials in the Diebold contract [empasis mine].

I've also heard people say that Black Box Voting should have made a better record of thier activities, ie videotaping the whole thing, to those people, please note this paragraph from yet another article:

The testing was performed for an elections official who noticed anomalies in the county voting machines. It was underwritten, videotaped [emphasis mine] and photographed by Black Box Voting and performed by Harri Hursti and Security Innovation, Inc.

Like this item

Despite that, BBs findings were consistent with my initial thoughts: that the machines are not identical and that the discrepancies in the machines memory are not explainable if all the machines are identical (which BB found they were not).

After reading the article it should be even more clear that there is something wrong with these machines and Diebolds efforts to get these machines in use.

Funk should be acting like Steve Ballmer (though in a good way) and letting everyone know how bad these machines really are. If he gets taken to court, then so be it. At least then the truth behind his actions will be in the public record.

In case your post doesn't get seen, here is the link to the article in question.

Black Box Voting demonstrated in Florida that whoever has access to the flash memory card, used to keep track of the votes can determine the results of the voting on that machine: http://www.bbvforums.org/forums/messages/1954/1559 5.html?1141791589. No tinkering with the machine is necessary.

I would say even the submitter's point of view is not biased enough - Diebold should get a corporation death penalty for even agreeing to provide voting machines without paper trail. This is such no-brainer, that no amount of outrage is sufficient.

Here is the link to the article mentioned in parent.

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/19743.html

Also, Blackbox did NOT conduct the audit. They recommended two security companies to the COUNTY clerk who hired them in line with his purview to conduct an independent audit. BTW, this is not some random clerk as one poster suggested. County Clerk is an elected office in my county.

Also, there were apparently 3 versions of the voting machine delivered (So which one is the validated one?)

Also, the delivered machines had been marked as having failed acceptance testing BY DIEBOLD.

Also, the memory discrepancy cannot be accounted for by Diebold's font explanation.

Also, apparently Diebold is running around replacing motherboards on other delivered systems.

Question: Why aren't we throwing bricks yet? This is way worse then bad French labor laws.

Note to the literal minded: I am not actually advocating that anyone engage in violent rioting, however a good loud peaceful protest is definitely in order. And I am not one to protest frivolously (see sig)

However, by not informing the commissioners of his desire to have a third-party examine the machines for flaws or outright corruption, he has invalidated any findings by Black Box since it is true no one knows what they did or did not do. The correct process would have been to tell the commissioners of his desire for a third-party review and if they objected or if Diebold objected, he could have explained his reasonings why he wanted another set of eyes to check things out (which is pretty much what was said in the article). If they refused the request he would have a much more firm standing to say whether or not the machines will do what the manufacturer claims they will do since by not allowing the examination it would appear that they, either the commissioners or Dieblod (or both), have something to hide.

Based on the blackbox article http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/19743.html it looks like they just booted the thing and saw that they were out of meemory.

Over at blackboxvoting.org they have some more information about what tests were actually run on the machines, what they found, and what diebold's official response was. Apparently, BBV did not actually do the tests themselves, they arranged for 3rd party security experts to go in and do the analysis.

Here's the link:

http://www.bbvforums.org/cgi-bin/forums/board-auth .cgi?file=/1954/19743.html

It's on black box voting's website, so obviously it will be biased, but at least it gives more detail than the gloss-over provided by the tribune.