Domain: equalccw.com
Stories and comments across the archive that link to equalccw.com.
Comments · 49
-
Re:Diebold Defeats Democracy
And you base this opinion on what, precisely?
The fact that Diebold's central tabulator used Microsoft Access?
(Reported in several stories, notably a DVD called "Invisible Ballots")
That their hardware is some of the most programmer-friendly ever (straight X86 CPU, SDcard, CompactFlash sockets)?
(This is a simplified, smaller version of a larger report. A quick Google search will reveal more.)
WindowsCE OS?
(Same report as above)
Executable Scripts on the ballot-definition CF cards?
(Demonstrated in "Invisible Ballots", also known as the Hursti Hack)
By one set of measures these sorts of decisions are hallmarks of el-cheapo implementation of systems that should have been designed to meet far more rigorous standards of security and reliability.
Finally, I refer you to the author of a nice little easter-egg that he was asked to write: Clint Curtis
The *most charitable* characterization of this issue is that these people are guilty of professional negligence. Anyone understanding the importance of elections to this society and that (especially recently) elections are extremely high value to some people, and are hotly contested, would understand that voting systems should be developed under the strictest, most disciplined methodologies.
It is clear that none of the major voting system suppliers have bothered with the most basic architecture, design, verification and validation methodologies. -
You Mean These Seals?
You mean these seals?
http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/36510.html#
Previously ... on Diebold TV:
http://midnightspaghetti.com/newsDiebold.php
http://www.equalccw.com/dieboldtestnotes.html
http://www.votergate.org/
http://www.securityfocus.com/news/7517
http://www.archive.org/details/TheCageBushKerry -
DIEBOLD'S VOTE-TALLY SOFTWARE
DIEBOLD'S VOTE-TALLY SOFTWARE
V.5.0i - 9/17/03
http://www.equalccw.com/dieboldtestnotes.html
REQUIREMENTS: Windows-based PC with 150megs free disk space and 128megs RAM (minimum). You also need MS-Access2000 or a later variant in order to severely circumvent the passwords and security - the whole point here is that MS-Access is basically a "hack tool" and once used, there's NO security on this "high security voting product" whatsoever! -
Practice Safe Design ... Use a Concept
-
Guinness Voice: Brilliant! It amazes me that the voting box companies, who are paid disgusting amounts of taxpayer money to develop these things, can't figure out how to code properly. Yes, I know Sequoia is the company discussed in the article, but Diebold has 80% of the voting market. So if they can't do it right as the market leader, I'm afraid of what will be found when/if someone demands a code audit on the Sequoia stuff.
Diebold :
(Support Guide - Review) (pdf):
4.4 Key management and other cryptographic issues with the vote and audit records [...] the audit logs are encrypted and checksummed before being written to the storage device. Unfortunately, neither the encrypting nor the checksumming is done with established, secure techniques. [...] (Recall that we have already discussed the lack of cryptography in other portions of the system.) [...] All of the data on a storage device is encrypted using a single, hardcoded DES [22] key: #define DESKEY ((des_key*)"F2654hD4"). Note that this value is not a hex representation of a key, nor does it appear to be randomly generated. Instead, the bytes in the string "F2654hD4" are fed directly into the DES key scheduler. [...] from the CVS logs, we see this particular key has been used without change since December 1998 [...] ...
In June 2005, [Kevin Shelley, the California Secretary of State], reported that when given access to Diebold vote-counting computers, Bev Harris - a critic of Diebold's voting machines - was able to make 65,000 votes disappear simply by changing the memory card that stores voting results for one that had been altered. Although the machines are supposed to record changes to data stored in the system, they showed no record of tampering after the memory cards were swapped. In response, a spokesperson for the Department of State said that, "Information on a blog site is not viable or credible."
... [insert completely awed silence here]
.
I think I'll buy "C++ Programming for Dummies" and fax a quick resume to Diebold -
Jim March here: some general notes:
Sorry I can't respond to posts scattered throughout, I'm kinda busy right now :).
But here's some general info not found in the story:
1) Glade County Florida gladly handed us at Black Box Voting a copy of their GEMS data file (the MS-Access abortion). Diebold didn't do squat to 'em. So the people saying Alaska's elections office is to blame are dead on. What are they hiding? They're among dozens of other jurisdictions also refusing these data files across the nation. Diebold has been distributing a memo asking them not to but legally it isn't worth its weight in broken video card parts.
2) If y'all want to see the cease'n'desist from Diebold to me asking me to take my site down (containing these same types of files) in 2003, it's still online at:
http://www.equalccw.com/liebold.html
(If you see a black Buell S3 motorcycle running around the Seattle area with the words "LIEBOLD" on both sides of the gas tank, wave, that's me :).)
The point is, they've known the files are out there, I dared them to sue me via a DMCA counter-notification including giving them my home address for process service and they backed down. There's no more "secret sauce" here as the trademark lawyers put it.
(The files on my site are being moved this week over to http://www.blackboxvoting.org/ with pointers to the new locations as I'm now paid staff at BBV. That's a fairly recent development but immaterial to this situation.)
3) The MS-Access data files contain a "double set of books"...all of the vote data is duplicated in two tables. If you query the Diebold-written front end ("GEMS") for data on the whole county's election totals, those numbers come out of one table. If you query for any one precinct or a group of same, the numbers come out of the other table. By default they match. To hack an election, you rig the numbers that provide the whole county totals via MS-Access itself or VB scripts or Java or whatever tweaking on the Jet database engine. That way, the hapless clueless honest GEMS user at the county elections office who can't tell there's two tables is hosed. IF they suspect trouble at all, they spot-check individual precincts, hand-counting the totals and matching them to the individual precinct totals in GEMS. Do that a few times, they'll think it's all cool. They have no way of knowing there's "two sets of books" in the damned thing unless they print out EVERY precinct and add them up on a hand calculator.
4) If Diebold converts tables to Excel, y'all REALLY think they'll export both if somebody hacked one? Riiiight. Hence the need for the raw file. (Oh yeah. There's a THIRD table. We don't know what it's for. Yet.)
Now look, it's not certain this was done in Alaska, OK? Actually, this whole thing in Alaska doesn't really look like a deliberate vote hack. We've seen some already, they're slicker than this...like James Bond (well except for that idiocy in Volusia County 2000 but nevermind). Whatever happened in Alaska was more "Inspector Clouseau". Probably just a dumb screwup on the part of elections officials.
But "we the people" (or at least the geekier among us) damned well have the right to sort it out, and that's why this is going to get pushed to a lawsuit, if not in Alaska, somewhere else. There are other states like Washington and Colorado where there are cash penalties for wrongfully denying public records so they're reaaaally tempting targets if the Alaska Democrats drop this ball. But...having talked to them, I don't think they will, I think they're going to follow this all the way to court and win.
One way or another, we're going to get access to these data files, it's a no-brainer.
Then...let's talk source code.
Jim March
Staffer/investigator
Black Box Voting Inc.
http://www.blackboxvoting.org/
PS: Alaska -
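The full reconciliation that point 3 of the comment above says a spot check never performs, sketched as an added example (not code from the post, Black Box Voting or GEMS): every precinct row is summed and compared against the county-wide table. The table names `summary_totals` and `precinct_totals`, the column layout and all vote counts are hypothetical, constructed for illustration.

```python
import sqlite3

# Hypothetical schema: the post says only that the vote data is stored twice,
# once for county-wide totals and once per precinct. All names are invented.
SCHEMA = """
CREATE TABLE summary_totals  (race TEXT, candidate TEXT, votes INTEGER);
CREATE TABLE precinct_totals (precinct TEXT, race TEXT, candidate TEXT, votes INTEGER);
"""

# Constructed sample data: three precincts, two races.
PRECINCT_ROWS = [
    ("P1", "Governor", "Candidate X", 120), ("P1", "Governor", "Candidate Y", 95),
    ("P2", "Governor", "Candidate X", 80),  ("P2", "Governor", "Candidate Y", 110),
    ("P3", "Governor", "Candidate X", 60),  ("P3", "Governor", "Candidate Y", 70),
    ("P1", "Measure 1", "Yes", 100), ("P1", "Measure 1", "No", 110),
    ("P2", "Measure 1", "Yes", 90),  ("P2", "Measure 1", "No", 95),
    ("P3", "Measure 1", "Yes", 50),  ("P3", "Measure 1", "No", 75),
]

# County-wide table that no longer agrees with the precinct rows for one race.
# The two Governor figures still add up to 535, the same as the precinct sum.
SUMMARY_ROWS = [
    ("Governor", "Candidate X", 285), ("Governor", "Candidate Y", 250),
    ("Measure 1", "Yes", 240), ("Measure 1", "No", 280),
]


def build_db(summary_rows, precinct_rows):
    """Load the constructed rows into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO summary_totals VALUES (?, ?, ?)", summary_rows)
    conn.executemany("INSERT INTO precinct_totals VALUES (?, ?, ?, ?)", precinct_rows)
    return conn


def _totals(conn, table):
    sql = f"SELECT race, candidate, SUM(votes) FROM {table} GROUP BY race, candidate"
    return {(race, cand): votes for race, cand, votes in conn.execute(sql)}


def reconcile(conn):
    """Return (race, candidate, county_total, precinct_sum) for every disagreement.

    A contest or candidate present in only one table is reported with None
    on the side where it is missing.
    """
    summary = _totals(conn, "summary_totals")
    precinct = _totals(conn, "precinct_totals")
    mismatches = []
    for key in sorted(set(summary) | set(precinct)):
        county_total, precinct_sum = summary.get(key), precinct.get(key)
        if county_total != precinct_sum:
            mismatches.append((key[0], key[1], county_total, precinct_sum))
    return mismatches


def race_totals_preserved(conn, race):
    """True when both tables show the same number of votes cast in a race,
    which is why a turnout-only check does not notice shifted votes."""
    county = conn.execute(
        "SELECT SUM(votes) FROM summary_totals WHERE race = ?", (race,)).fetchone()[0]
    precincts = conn.execute(
        "SELECT SUM(votes) FROM precinct_totals WHERE race = ?", (race,)).fetchone()[0]
    return county == precincts


if __name__ == "__main__":
    db = build_db(SUMMARY_ROWS, PRECINCT_ROWS)
    for row in reconcile(db):
        print("MISMATCH race=%s candidate=%s county=%s precinct_sum=%s" % row)
    print("Governor turnout unchanged:", race_totals_preserved(db, "Governor"))
```
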
Re:Jim March and Gun Owners
Jim March and Gun Owners (Score:-1, Troll)
by Anonymous Coward on Tuesday January 24, @03:44PM (#14551318)
Jim March of Black Box Voting
Jim March is also active in trying to get a concealed weapons bill passed in California.
http://www.equalccw.com/
http://thehighroad.org/member.php?u=396
Are we supposed to hate him for his pro-gun activism, or like him for his anti-Diebold activism? -
Jim March and Gun Owners
Jim March of Black Box Voting
Jim March is also active in trying to get a concealed weapons bill passed in California.
http://www.equalccw.com/
http://thehighroad.org/member.php?u=396 -
Re:Just like gun legislation
Gun regulations (that apply equally to everyone) are about as typical of fascism as breathing oxygen is.
And you trust the government to apply gun control laws equally to everyone?
This explains why the rich and connected can get permits in places like New York and California. (EqualCCW.com)
If you're going to tell me that my privacy rights aren't important when it comes to things that are important to me, why should I care if the government wants to violate privacy rights for the things you care about? -
Re:WTF - here's the criminal records!
Two things:
1) Ethics matter when we're dealing with our democracy. If you can't understand that, well...
2) Diebold has a specific history of withholding modified code from the test labs and lying to the labs. There is every reason to believe they'll do the same to the government. See also these files for documented case histories of such fraud against the testing labs:
http://www.equalccw.com/sscomments1.pdf
http://www.equalccw.com/sscomments2.pdf -
Re:Just wondering...some partial answers.
You've asked two questions :).
Starting with Diebold: basically there were FOUR different groups that all made mistakes with this stuff in general, but esp. where Diebold were concerned. No...wait, FIVE. In no particular order:
1) Federal Election Commission: the FEC makes the rules for voting machine certification, the so-called "1990" and "2002" standards. Problem is, they didn't codify them into regulations. They don't have the force of law...they're literally known as "voluntary guidelines". The FEC also approves the testing labs, private companies licenced by the FEC to do source code and functionality reviews paid for by the vendors. The testing labs are called "ITAs" for "Independent Testing Authorities".
2) National Association of State Elections Directors: NASED was in control over how the ITAs did business. They would check over the ITA's paperwork on any particular certification and assign a "NASED number" signifying Federal certification. They didn't happen to notice that the ITAs were acting like a pack of diseased baboons...when it was pretty damned obvious. NASED got some operational support via cash donations from the big vendors.
3) The ITAs themselves, esp. Ciber Inc and the elections division of Wyle Labs, both in Huntsville Alabama. Complete and total wastes of skin. Jam a pocket calculator halfway into a banana, they'll certify it as a voting machine for the right money.
4) The various state certification panels. Some were OK, others said "well hey, as long as it's been Federally certified, well by golly that's good enough for us!" It wasn't. (Oh, and despite NASED's name, the states were NOT able to control NASED much. NASED appears to have gone "rogue" years ago and right now their certification oversight ability is being *stripped* from them and given to the new "Election Assistance Commission"...which isn't functional yet. Shows you how hosed NASED was though.)
5) Various academics and "experts" who were supposed to be checking this stuff out. Even the best of them (Prof. Doug Jones of Iowa) didn't want to get too "vocal" about the issue, esp. early on. Others like Brit Williams and Paul Croft just actively aided and abetted the chaos. There were a small number of notable exceptions such as Dr. Rebecca Mercuri but she was a "voice in the wilderness" drowned out by the "nothing is wrong" crowd. See my other post in this article covering "test mode" for testing and ask yourself if something is wrong.
Basically, the FEC created a crappy program and let a total cheezewiz-for-brains name of R. Doug Lewis run it over at NASED. See also:
http://www.equalccw.com/lewisdeconstructed.pdf
Lewis and his minions weren't watching the ITAs. The ITAs missed multiple glaring security holes. The vendors knew nobody was watching the store and Diebold in particular acted like a pack of Goths sacking Rome.
To criticize Diebold is to critique the WHOLE SORRY HOUSE OF CARDS who all generally acted like they were all members of the same big happy club...vendors and ITAs included. It gets worse: people from one part of this structure often relocated to other parts, including back and forth between vendors and government oversight. Diebold, Sequoia and ES&S *all* hired high-level staff from within the California SecState's office to go lobby their former co-workers and bosses, and that's just in California. This was and remains common nationwide.
That's why Diebold has been protected...they go down, people might look too close, the whole thing collapses in scandal.
Mind you, some people in high places are STARTING to get it.
Example: in California, Diebold tried to get approval for a new touchscreen setup in mid-2005. Somebody at the California SecState's office wisely decided to do a "volume test" and without even worrying about security, checked for basic reliability - and found a 30%+ failure rate. In the "aftermath repor -
Re:Just wondering...
Exactly.
A variant of this for voting machines would involve the distribution of the MD5s or similar on the websites of the vendors, the county governments using it, the Federal Election Commission website and the like, along with a script that will check every file on the voting machine in question for accuracy.
A concerned voter or party rep or one of us at Black Box Voting or whatever can download all that, put it on CD-ROM.
The county can then test the CD you bring in and make sure it contains nothing but the "checker program", mark that CD "approved", you then stick it in the voting machine(s) and run it even with very limited "geek quotient". Now everybody can trust everybody.
--------------
Another big issue is that the data files need to be made public. As God is my witness, Diebold and other major vendors are claiming that the database files (MS-Access in Diebold's case, SQL in most others) are "proprietary trade secrets"(!) and cannot be released by the counties under various public records laws of each state.
This is utter BS. Hell, if you have just ONE set of Diebold data files you know their table layouts and whatnot, and many such have been published all over the net for literally years...with Diebold taking no legal action to make them go away since...well they gave up around Oct. of 2003. See also:
http://www.equalccw.com/dieboldtestnotes.html ...for my personal collection and
http://www.equalccw.com/liebold.html ...for a view of the first and last time they tried to have any of my stuff taken offline.
Diebold MS-Access data files *can* hold forensic traces of vote-hacking if the hack wasn't done very professionally. So why is Diebold fighting to make sure the data files don't end up in public hands, when this "trade secrets" argument is clearly horse manure?
Either they're messing with votes, or they're afraid some of the counties are because Diebold has made it so damned easy.
Jim March
BlackBoxVoting (.org) -
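A sketch of the "checker program" the comment above proposes, as an added example that is not code from the post, a vendor or Black Box Voting. It assumes a published manifest in `sha256sum` style (`hexdigest  relative/path`); SHA-256 is used as the "or similar" because MD5 collisions are practical. File names and contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'hexdigest  relative/path' lines; reject anything malformed."""
    expected = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rel = line.partition("  ")
        if len(digest) != 64 or not rel:
            raise ValueError(f"manifest line {n} is malformed")
        expected[rel] = digest.lower()
    return expected


def walk_files(root):
    """Yield (relative path with forward slashes, full path) for every file."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def verify_tree(root, manifest_text):
    """Compare every file under root with the manifest.

    Reports files whose hash differs, files the manifest lists but the
    machine lacks, and files on the machine that the manifest never listed.
    The last category matters as much as the first: checking only the listed
    files would pass a machine carrying an extra, unlisted executable.
    """
    expected = parse_manifest(manifest_text)
    seen = set()
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, full in walk_files(root):
        seen.add(rel)
        if rel not in expected:
            report["unexpected"].append(rel)
        elif sha256_file(full) != expected[rel]:
            report["modified"].append(rel)
    report["missing"] = sorted(set(expected) - seen)
    report["modified"].sort()
    report["unexpected"].sort()
    report["ok"] = not (report["modified"] or report["missing"] or report["unexpected"])
    return report


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)
    return path


def demo():
    """Build a constructed file tree, publish its manifest, then change it."""
    files = {  # constructed names and contents
        "bin/tally.exe": b"certified build 1.0",
        "bin/ui.dll": b"certified ui library",
        "cfg/settings.ini": b"mode=election\n",
    }
    with tempfile.TemporaryDirectory() as root:
        paths = {rel: _write(root, rel, data) for rel, data in files.items()}
        manifest = "\n".join(f"{sha256_file(paths[rel])}  {rel}" for rel in sorted(files))
        clean = verify_tree(root, manifest)
        _write(root, "bin/tally.exe", b"uncertified build")   # changed after certification
        os.remove(paths["cfg/settings.ini"])                  # listed file removed
        _write(root, "bin/extra.dll", b"not in the manifest")  # unlisted addition
        return clean, verify_tree(root, manifest)


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```
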
One of us went to jail on the issue...
http://www.bbvforums.org/forums/messages/1954/8556.html?1122679073
http://www.bbvforums.org/forums/messages/1954/8568.html?1122664155
The good news is, it was only 18 hours. Still sucked :). And coming up with $10k in bail was a pain.
But the DA's office dropped all charges:
http://www.bbvforums.org/forums/messages/1954/9425.html?1124737282 ...and I've taken the first step in suing 'em:
http://www.equalccw.com/claimforcivildamagesnet.pdf -
Re:Try designing an entire power network (off-grid
Sigh...remove the "/" on the first link...sorry.
http://www.equalccw.com/wiringdiagram.gif -
Try designing an entire power network (off-grid)
That's a whole 'nuther thing.
http://www.equalccw.com/wiringdiagram.gif/
This is all going into the older motorhome I'm renovating :).
Every watt going into and out of that monster 650lb battery (all $1800 worth) will be measured by the Bogart Engineering "Trimetric" device. It sits in-line with the battery negative terminal.
http://bogartengineering.com/trimetric.htm/
The solar charge controller has its own measuring system as does the inverter/charger but those can be mostly ignored - it's the Trimetric that matters.
Note: "inverters" take 12v DC (or 24v or whatever size battery bank you're running) and convert that to 110v wall juice. Good ones deliver "pure sine wave" power like a very clean electrical outlet. An "inverter charger with pass-through" like my Outback 2812 will take any amount of incoming AC (utility grid, generator, whatever) and pass it through while also charging the battery at 12v in my case. When the utility grid or generator is cut off, it works in reverse, delivering 110v from the battery bank.
My main inverter is this sort of inverter/charger. My secondary inverter is "just an inverter" and smaller at 1100watt, but it's completely isolated from what's going on at the other inverter - a major load like air conditioning or the washer/dryer combo can spectacularly puke and die over on the 2800w main inverter and it'll cause not a single glitchy on the 1100 inverter powering the computer gear, satellite internet, etc.
Anyways. If I wanted to monitor all this with a PC I'd get the Bogart "Pentametric" with PC interface:
http://bogartengineering.com/pentametric.htm/ ...but...why? :) -
Re:No more recounts ever
The tinfoiled, myself among them, will point out that even if there is a paper trail, it may never be seen if an election is not close enough. In a lot of places, manual recounts are triggered by elections being too close; if elections are decided by electronic tabulation first, we will never see a paper ballot.
Personally, I like the precision that electronic voting has the potential to deliver--and the instant results are definitely a plus. The solution to your problem is, of course, to count the paper record of a random sampling of machines and compare them to the electronic records of those machines, in every election. This verifies that everything is on the up and up.
Now, what tinfoil hatted folk like me are wondering is "where the fuck was the New York Times these last few election cycles when both conservatives and liberals were pointing out how easy it was to defraud the machines and asking 'why don't these things have paper records?'"
-
Know your knife laws
Make sure you know the knife laws for your locality. You might not think of a Leatherman as a weapon, but the local police may disagree--especially around schools and colleges. Here are some useful links:
http://www.thehighroad.org/library/blades/knifelaws.html
http://pweb.netcom.com/~brlevine/sta-law.htm
California-specific laws:
http://www.equalccw.com/knifelaw.html
Always keep in mind that info on the Internet may be wrong or out of date, so take with appropriate seasonings.
Eric -
How to Hack Diebold Counting Software
Got bored over the summer and found this document which shows how to get past diebold's password "security" on the counting software and made a video on how I did it. It is beyond silly how easy this is.
-Mike -
oops, jim march link wrong
oops, that first link should have been to Jim March. he goes into how COTS (commercial, off the shelf) hardware and software is used in these machines because it doesn't have to pass such stringent certification process. the idea being that you can just compare the software from a factory install with the software from a store and confirm that the company didn't make any changes. but winCE is not COTS -- diebold has the source code and windows specifically considers it non-COTS.
-
Re:Christ...how could you support bush?
Jason, I don't *want* to have to shoot it out.
I know enough about unconventional warfare to want NO part of that.
Christ, that's why I got involved in this whole Diebold/voting situation: given 15+ years of corporate-hosed elections, it'll mean civil war. Inevitably.
The good news is, we can win this electronic voting issue and we can win the self defense issue too!
On guns: the first thing you need to know is that the courts are completely screwed up on the issue. The most blatant example is the most recent decision out of the Federal 9th Circuit in Silveira - all you need to know about THAT fiasco is here:
http://www.americanminutemen.org/reinhardt.htm
We need Bush to put in pro-self-defense US Supreme Court justices - several are about to croak and with lower-court decisions that bad, the USSC can't dodge the issue forever.
With the courts untrustworthy, so far we've had to work within the political process.
So we've been going to each state, getting a basic right to self defense put into law:
http://www.gun-nuttery.com/rtc.php
This is a series of maps showing how we've been kicking butt state by state getting at a minimum the right to pack a self defense handgun with a background check and training ("blue states" in these maps) or in two cases since 2003, with no prior gov't permission needed to pack.
Take the blue and green states, and compare with the Bush/Kerry red/blue maps. You'll find that wherever self defense is widely allowed, the state went Bush. Usually...most of the exceptions were in the midwest.
(Note: there's a mistake on the gun-rights maps. Minnesota did indeed pass a law supporting self defense (going "blue") but their courts immediately put a temp stop to it pending a review of how it passed. So at present it's a "yellow state", not blue.)
In these various states where self defense is common and legal, gun-grabber Kerry didn't go over real well. None of these states has had a problem with their millions of armed residents. Newspaper reports from these states (often after it's been in a year or so) often remark on the lack of "wild west syndrome" or "blood in the streets", and then gun control simply stops being an issue.
http://www.equalccw.com/ccweffects.html
Gun-grabber politicians in those states are in trouble. South Dakota is one, and booted Daschle for his gun-grabber ways in the Senate this year.
We now hold at least 35 such states by anybody's count, over 50% of the US population, over 50% of the electoral college votes.
You know what that means?
We've won. OK? Long term, legal self defense will become the norm in the US in the holdout states. The sooner the Dems get a clue and quit trying to disarm those "evil rednecks" as they misunderstand us, the better.
I will never, ever support a politician who doesn't trust me with my civil right to self defense.
----------------
As to how smart Bush is? See how Texas flipped from Red to Blue in the CCW maps in 1995?
That's because Bush took office on a pro-self-defense platform.
He's a damned sight smarter than Kerry.
Jim -
Re:Some thoughts on Diebold security
Diebold's "paper trail" is an end-of-day record on a long thin "cash register strip" showing how many votes each machine took in for each candidate and issue.
Problem 1: it's glitchier than a Microsoft Windows early beta. I've talked to Alameda and San Diego County pollworkers who tried to collect these at the end of the day, only to find that in some cases nothing printed and in others the printout didn't agree with the on-screen end-of-day tallies! And that was different machines in a single polling location.
Problem 2: this printout isn't done as the votes happen, but rather as a single end-of-day "run" under polling place supervisor control. If the machine crashes at any time during the day (which happens often enough), that'll cause the tallies between the memory card "electronic ballot box" (PCMCIA) and printout to vary.
Problem 3: this printout isn't open to public scrutiny. I've seen Public Records Act/FOIA type queries for copies fought by county elections officials across the nation, probably because photocopying a 12ft strip of 3" paper is a bitch :).
As to code scrutiny by independent labs:
The Federal Election Commission approves testing labs for reviewing voting machine code and products. They're the only ones allowed to see the source code on this stuff. The two biggest are Wyle Lab's elections operation in Huntsville, AL and "Ciber Inc" (formerly Metamore) also in Huntsville.
First, all of the voting machines in current use are certified by these labs to standards written by the FEC in 1990. You heard that right. There's also a 2000 standard by the FEC but since all of our electronic voting machines were built prior to 2000, they can be re-certified under the 1990 standards "forever", until the vendors announce significant enough upgrades/revamps to trigger the Y2000 review process. Which NONE have seen fit to do so far.
It gets worse.
We have 13,000 leaked Diebold memos floating around that document, among other things, Diebold lying to the testing labs. In one case, huge amounts of customized code used in WinCE was declared to be "Commercial Off The Shelf" ("COTS") and not subject to source code review.
The exact phrasing of these internal memos and a security analysis of their implications can be found at:
http://www.equalccw.com/sscomment.html
...and:
http://www.equalccw.com/sscomments2.html
Ain't puked quite yet?
Diebold Corp. in Ohio bought Global Election Systems in 2002 (Canadian company) and renamed it Diebold Election Systems. Global's first voting products were written on Unix boxes, where they wrote their own "Accubasic" compiler for some core vote-tally processes. When porting to Windows, they went to great lengths to get Accubasic working on the new platform. OK, query me this: if I'm writing the compiler and I'm publishing source code for scrutiny that's run through that compiler, how in the hell is the source code reviewer supposed to know what's REALLY going on!?
Ahh, but this presumes "bad intent" on Global's part, which normally isn't something you presume. Except that Global was founded in 1988 by three guys name of Norton Cooper, Charles Hong Lee and Michael K. Graye, all three of whom have prior felony convictions in the US and/or Canada for stock fraud, investment scams and the like. By 2000, Global hired a guy name of Jeffrey Dean as lead programmer on the central vote-tally product (GEMS, "Global Election Management Software", still part of the Diebold product line). Dean was a charming chap - convicted of 23 counts of computer-aided embezzlement from a Seattle law firm in what a court called a "sophisticated computer-aided accounting fraud". He was literally recruited while still in prison by another Global employee also doing time. See also this document for more details on these clowns: -
First, it's worse than you can imagine - these...
...were tested in "test mode" versus "election mode".
Yes, I'm serious. There's a software setting on the touchscreen to do one or the other.
But that's OK, 'cuz the software in there is "certified" and subjected to code analysis by a test lab, right?
Oooops. Diebold withheld thousands of lines of custom code in the voting terminals from review by declaring it "Commercial Off The Shelf" (COTS) software. Under FEC rules, "COTS" doesn't need serious scrutiny...but Windows CE at the terminal is NOT "COTS" despite Diebold's assertions otherwise - WinCE is a "software kit" that needs to be "finished" (mostly core drivers like video, etc) by the hardware manufacturer.
Diebold.
So hide a couple hundred lines of code somewhere that checks for the "election mode" versus "test mode" flag...
For more on this WinCE issue including Diebold internal EMails discussing it:
http://www.equalccw.com/sscomments2.html
That's not even getting into how screwed up the central tabulator software is:
http://www.equalccw.com/deandemo.html
Ain't no WAY you can trust a Diebold system. Period.
Jim March
Member, Board of Directors, www.blackboxvoting.org -
First, it's worse than you can imagine - these...
...were tested in "test mode" versus "election mode".
Yes, I'm serious. There's a software setting on the touchscreen to do one or the other.
But that's OK, 'cuz the software in there is "certified" and subjected to code analysis by a test lab, right?
Oooops. Diebold withheld thousands of lines of custom code in the voting terminals from review by declaring it "Commercial Off The Shelf" (COTS) software. Under FEC rules, "COTS" doesn't need serious scrutiny...but Windows CE at the terminal is NOT "COTS" despite Diebold's assertions otherwise - WinCE is a "software kit" that needs to be "finished" (mostly core drivers like video, etc) by the hardware manufacturer.
Diebold.
So hide a couple hundred lines of code somewhere that checks for the "election mode" versus "test mode" flag...
For more on this WinCE issue including Diebold internal EMails discussing it:
http://www.equalccw.com/sscomments2.html
That's not even getting into how screwed up the central tabulator software is:
http://www.equalccw.com/deandemo.html
Ain't no WAY you can trust a Diebold system. Period.
Jim March
Member, Board of Directors, www.blackboxvoting.org -
The Diebold GEMS HW/SW environment explained
The GEMS (Global Election Management Software) program runs on a fairly standard P4 "server grade" box supplied by Diebold, usually a Dell of some sort. It "tallies the vote" on election night from both optical scan and touchscreen voting terminals.
Counties that use touchscreen terminals still use large-model optical scanners to process absentee votes back at county elections headquarters where the GEMS box is.
It's got the usual server stuff, lots of RAM, fair amount of disk space, etc. Funky stuff: a Digiboard multi-port serial card, usually 16 ports on PCI, sometimes two. A CD burner for backups...floppy, USB, etc. I examined the one in use in Fresno County California pretty carefully.
Software:
Most now are running Win2k; there are hints of XP here and there and some old ones have NT. They've had NT or better at least since 2000 (the year that is).
It's got the MS-Jet database engine and related goodies...including an MS-Access runtime. All the libraries to run Visual Basic script files are also present.
GEMS is itself an MS-Access application, and its data files are fully readable by MS-Access.
IF MS-Access is loaded on the same PC as GEMS and its data files, it's dead obvious that the data can be diddled with in Access without leaving an audit trail record and without requiring a password. Votes can be changed, the audit trail can be edited in a fashion that can't be detected later (because Diebold disabled automatic line numbering that would show a sequence problem!), etc.
We've known that for a while. And we knew that since GEMS was basically a "giant MS-Access script file itself" in compiled form, it would be possible to write small "hack scripts" to alter vote data.
What Professor Thompson has shown is that it's possible to write VB scripts in the notepad to do alterations to a vote data file. These scripts can be so small they could be typed in via MS-Notepad on election day.
Mind you, Diebold wouldn't need to go to even that much trouble.
Election observers (myself included) have personally seen Diebold techs on elections night with full access to either the terminals feeding PCMCIA cards from the field into the GEMS box, or the server itself.
We know that on 3/5/02 during the California governor's primaries, a Diebold tech in San Luis Obispo County stole the complete early results file right off of the server at 3:31pm, hours before the polls closed, and uploaded it to a Diebold FTP site. We know because we found it later. The ZIP password was defeated by a dictionary crack and turned out to be "sophia" - the Diebold tech on duty that day in that county was Sophia Lee.
So they damned well DO have enough on-site access to load hack scripts of the size range Prof. Thompson demonstrated.
Remote access:
We've played with various GEMS versions on various PCs. IF you run it on a box with firewall software like ZoneAlarm, you get random warnings that GEMS is trying to make an outside connection of some sort. We call this the "ET phone home problem". We don't know where it thinks it's calling but that's how you'd beat a firewall on a county LAN if the GEMS box is so connected...set up GEMS to start the conversation from the inside.
Are GEMS boxes on such LANS? We know the IP addys that the Alameda GEMS box modem ports were set up at: 166.107.248.210 to 220. Now go ping the Alameda County website (www.acgov.org)...hmmmmm? Sure made 'em compatible, didn't they?
On those modems: the software behind them is MS-Remote Access Server (RAS). Diebold regularly tests the connections with laptops. They also know the phone numbers of these modem banks that the terminals dial into on election night to do early results. Looks like a security hole from hell to me!
As to the actual GEMS "double set of books" hack, here's the screenshots and explanation:
http://www.equalccw. -
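The comment above says the GEMS audit trail can be edited without detection because automatic line numbering was disabled. As an added example (not code from GEMS, Diebold or the original comment), the following Python shows what sequence numbers plus hash chaining let an auditor detect, and why the final hash must also be recorded somewhere the database operator cannot write. All function names and sample events are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def entry_digest(seq, prev_hash, event):
    """Hash the entry's position, its predecessor's hash and its content together."""
    payload = json.dumps({"seq": seq, "prev": prev_hash, "event": event},
                         sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()


def append(log, event):
    """Append an event with the next sequence number and a link to the previous entry."""
    seq = log[-1]["seq"] + 1 if log else 1
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"seq": seq, "prev": prev_hash, "event": event,
                "hash": entry_digest(seq, prev_hash, event)})
    return log[-1]


def verify(log, expected_head=None):
    """Return (index, problem) findings; an empty list means the log is intact.

    expected_head is the hash of the last entry as recorded outside the
    database (printed report, second custodian). Without it, a log that was
    rebuilt from scratch or truncated at the tail still verifies.
    """
    findings = []
    prev_hash, prev_seq = GENESIS, 0
    for i, e in enumerate(log):
        if e["seq"] != prev_seq + 1:
            findings.append((i, f"sequence gap: expected {prev_seq + 1}, got {e['seq']}"))
        if e["prev"] != prev_hash:
            findings.append((i, "broken link to previous entry"))
        if e["hash"] != entry_digest(e["seq"], e["prev"], e["event"]):
            findings.append((i, "entry content does not match its hash"))
        prev_hash, prev_seq = e["hash"], e["seq"]
    if expected_head is not None and prev_hash != expected_head:
        findings.append((len(log), "head hash differs from externally recorded value"))
    return findings


def demo():
    """Run the verifier over an intact log and three altered copies (constructed data)."""
    events = ["user admin logged in", "ballot deck 12 uploaded",
              "candidate totals edited", "summary report printed"]
    log = []
    for ev in events:
        append(log, ev)
    head = log[-1]["hash"]  # would be printed or escrowed at close of polls

    deleted = [dict(e) for e in log]
    del deleted[2]                                  # one row removed
    edited = [dict(e) for e in log]
    edited[1]["event"] = "ballot deck 13 uploaded"  # one row changed in place
    rebuilt = []                                    # whole log regenerated without one event
    for ev in events[:2] + events[3:]:
        append(rebuilt, ev)

    return {
        "intact": verify(log, head),
        "deleted": verify(deleted, head),
        "edited": verify(edited, head),
        "rebuilt_no_anchor": verify(rebuilt),
        "rebuilt_with_anchor": verify(rebuilt, head),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "OK")
```

A log with no numbering and no chaining corresponds to the `rebuilt_no_anchor` case: nothing in the data itself reveals that an event is missing.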
Good Description with Pics
Jim March's webpage, "The Howard Dean Demo" (http://www.equalccw.com/deandemo.html), shows in pictures how easy it is to manipulate the votes. It makes you wonder why the government pushes ahead with electronic voting when they know there are problems.
-
Download the election software to try at home!
After skimming around some more, I found this page which has links to voting machine executables and some election results which Diebold inadvertently made public. You can actually run the software on your home computer to try it out.
Also on the page is an Election Support Guide for Diebold staff pulling support duties at the elections. It includes such gems as:
The AccuFeed is often sensitive to the orientation, size, and print quality of the ballot.. AccuFeed units tend to reflect varying behavior in terms of speed and quality of processing. Familiarize yourself with the functioning of the AccuFeed before the election if it will be used in the election. Do not offer information as to the AccuFeed's shortcomings to the jurisdiction, even where obvious. -
Screenshots showing how to hack election
While reading through news items on the various Diebold electronic voting controversies, I came across this page showing step-by-step screenshots of how to secretly alter the votes on the central tabulator machines, as mentioned in a previous slashdot story.
If we can't remove these systems (or give them paper trails) by November, perhaps we can instead follow the steps ourselves? Actually, we wouldn't even need to click through MS Access as shown above -- a quick little Visual Basic script would do the trick. It'd be neat if the US had Michael Badnarik and Ralph Nader as President and Vice President for the next four years. -
Re:seriously
> then they study it intensely for a minute trying to imagine a way that one could impale someone with 128mb of MSaccess files.
128mb of MSaccess files make for a more dangerous weapon than any knife I'd say...
Hey, with 128mb of MSaccess files, you can take over a country... -
Re:Jim March's Comments
Second: I never, ever threatened or tried to surprise anybody with cutlery or otherwise. Anyone who knows me knows I'm not *wired* to want to threaten or bully or scare anybody. I'm very sorry if I accidentally scared someone while stripping wires or something...I can recall a couple of times that happening over the years but I always tried to make my lack of threatening intent VERY clear.
You're so full of crap. In addition to hearing others you worked with mention it, I personally saw you pull out and open a monstrous knife, which I believe is pictured right here in your combat knife pages. If that's not the one, it was very similar. Please...do tell us how effective these weapons are for wire stripping. Oh - and then feel free to explain why you would be stripping wires when the job didn't require it - you were hired as a PC tech support person, and all of our datacomm equipment is purchased pre-made.
I didn't even bring up the nice little song you sang around the office - remember the "blow me" lyrics? All the women you worked with do.
But ask Bev, Lowell or a lot of other people whether or not I'm crazy.
Why would I trust the word of strangers when I saw your actions first hand?
-
Re:You're all so funny.
Yes, but that isn't really the issue. The problem was that he was deliberately misled about the purpose of the show and would not have been (according to the other stories linked to here) given a fair chance to defend his point of view. If someone's beliefs actually deserve being ridiculed on TV, then it should be quite possible to make them look like a fool by fair debate, without resorting to jokes about penis enlargement pills. As it is, their personality -- especially ability to work out what is going on and to keep their head -- might be tested, but their actual views hardly matter. A comedy show can make a point by demonstrating what is funny about a particular point of view, but from the sounds of it this one tries to produce humor by completely avoiding the topic -- which might not be such a problem if it didn't involve misleading guests and possibly damaging their reputations.
-
What happens if you go on the show
Jim March, a gun rights/electronic voting activist, went on this show without knowing what it really was. Here's his account of what happened:
http://www.equalccw.com/thedebateshowfiasco.html.
Not pretty.
-
War for public opinion
Personally, I spent Tuesday (local election) passing out the following flyer:
Will Your Vote Be Counted?
Diebold
- Produces the "Accuvote" touch-screen voting machines used in Virginia and at least 36 other states.
- Made over 40,000 internal company files, including passwords, encryption keys, source code, and user manuals, available to internet hackers worldwide.
- For a step-by-step guide on how to modify the votes in a Diebold-controlled election, see www.equalccw.com/dieboldtestnotes.html
-
Despite Diebold's promises to tighten up security after two
independent investigations in July and September, a third
investigation in March of yielded the following quote:
Diebold
"basically had no interest in putting actual security in this system," said Paul Franceus, one of the consultants. "It's not like they did it wrong. It's like they didn't bother."
-
In the recent California audit, Diebold's own lawyers
admitted that their client had "probably broken the law."
Frustrated investigators asked whether Diebold was lying, or
only "trying to be misleading" in their answers. Here's
what Bob Urosevich, president of Diebold Election Systems, had
to say for himself:
We were caught. We apologize for that.
Direct Recording Electronic "DRE" Machines
Though Diebold has gotten bad press lately, (it's costing them hundreds of thousands of dollars in campaign "contributions" to stay in business), their competitors are no better. Any DRE machine would be just as vulnerable to error, tampering, and fraud. Because they do not produce a permanent record of each vote, modern computerized systems are no better than the huge mechanical lever machines of 1890. Because there is no reliable way to even detect errors, the results of any election using these machines is open to question.
Voter-Verifiable Audit Receipt
For at least ten years, security experts around the country have recommended the use of a Voter-Verifiable Audit, or "VVA," to guard against these problems. If passed, Voters Confidence and Increased Accuracy Act would require electronic voting machines to produce a paper printout of each vote. This "VVA Receipt" must be made available for each voter to check before being securely deposited into a sealed container. The paper ballots would count as the actual votes, taking precedence over any electronic tallies in case of doubt.
Urge your Senator and Representative to support the Voters Confidence Act, also known as H.R.2239 (in the House), and S.1980 (in the Senate.)
How to Buy an Election
"How do I know if the machine actually recorded my vote?" The fact is, you don't.
Representative Rush Holt (NJ)
There are literally hundreds of ways to tamper with the vote when computers are doing the counting. Here are just some of the possibilities:
- Hire a programmer to create a "back door" program in the voting software which can alter the vote count on demand. In Fairfax County, Virginia, during the 2003 elections, voters in three precincts complained that the machines changed their votes. Testing showed that a machine seemed to subtract a vote in about "one of a hundred tries." At least two close races may have hinged on that one percent "error."
- Replace the vote-counting software through last-minute technical "service upgrades." Most recently in California, thousands of election computers were "upgraded" just before the election, replacing the certified software with newer, un-certified versions.
- Monopolize some critic
To err is human, but to really foul things up requires a computer.
-
Diebold voting machines...
Diebold voting machines run Windows CE... a properly tailored worm could take advantage of their code (especially if it is as poorly written as the rest of their elections software) and bring an election day to a halt. Also note that they don't have to get the drivers and CE software certified by states and feds. as they claim it is COTS (commercial off the shelf) even though they write tons of code in house for CE.
For more see Jim March's comments to the CA Secretary of State here
-
Re:Only way to implement a national ID card
I love reading these stories about how everyone wants to make a national id card, Oracle wants to run the database, IBM wants to provide the hardware etc...
...and Diebold wants to make sure that your elected officials are really their elected officials (read: officials elected, quite literally, by Diebold), rather than the officials you voted for.
I'm not sure what scares me more: a national ID card, or the loss of my ability to vote against people who would support it.
p -
democracy
It's much more than the lure of the forbidden. These documents don't only expose insecurity of the system and the potential for massive vote fraud; they expose evidence of illegal tampering in one election, and a callous attitude (to be generous) toward the implications of these security flaws for the public interest. Even worse, Diebold's response to the revealed flaws in their system and procedures was not to respond to the issues raised but rather to issue cease-and-desist orders. This is fundamentally about the democratic process, and there are good reasons to mirror these documents. The ultimate irony - and the thing that really makes me want to vomit - is that Diebold is also the company responsible for protecting the original Constitution, Bill of Rights, and Declaration of Independence.
-
digital cohones
This link (right side of why-war page) is pretty intense. Pick away at the guy's amateur lawyering if you want, but it shows more sack than signing an e-petition, anyway.
mitch
-
BUSH = ELECTION FRAUD
How to hack an election 1.12: Diebold tries to silence incriminating evidence : Diebold, maker of proven-to-be hackable voting systems, plays global whack-a-mole, in effort to scare ISP's into taking down websites with incriminating material. They used the DMCA to shut down BlackBoxVoting.org.
But the incriminating data just keeps popping back up on the Net, and Gun-and-Voting rights activist Jim March calls the bluff and challenges Diebold "Diebold: You are cordially invited to bite me. Bring it on. Make my day." March has created a legal strategy/toolkit for voting rights activists who want to fight Diebold, a company which has knowingly - for 10 years - sold security-compromised voting technology, and whose CEO, an aggressive Republican fundraiser, has said he is committed to helping Ohio deliver its electoral votes to the president next year. In internal memos published by Scoop, Diebold's officials admit that their voting records database is (and has been for a long time) hackable ( [anyone can] access the GEMS Access database and alter the Audit log without entering a password ) but that this isn't necessarily a problem because It has a lot to do with perception. Of course everyone knows perception is reality. For background to this story, see my summary of Mefi posts on the Voting Fraud story, from this thread. Diebold's funky voting systems are in the process of being Certified, in Maryland and elsewhere, by SAIC, a company convicted of major frauds within the last decade and which has extensive ties to the Bush Administration, the CIA, and which proudly lists DARPA in its annual report as one of its prime clients, and owns Network Solutions, Inc. SAIC has not, it seems, noticed the GEMS database story (see main link). If Diebold systems win certification, we can expect an awful lot of This sort of thing.
Computer security expert Dr. Rebecca Mercuri has some pointed analysis on the subject.
You can join the effort to demand truly secure voting systems at VerifiedVoting.Org -
Re:Please. What a load of crap this article was.
Judge for yourself how believable: The SLO file itself is available for download here:
http://www.equalccw.com/dieboldtestnotes.html
Download it and look for yourself.
They admit it was real votes in the middle of the day. But if you want to see the specifics of why we knew it was real votes and the time stamp was accurate (it was not the FTP stamp, it was the file save date on a file inside a zip directory, backed up by dozens of automatic audit log items) -- and we knew it was not just that the clock was wrong because more votes appeared in the final tally.
Anyway, the details are here: Oooof! Proof?
The two-way modem info was simplistic, but all broadcast media that goes to general interest audiences is. They had that music on, going-going-going to commercial...but more importantly,
I knew that the two-way communications are possible because 1) I have seen the source code and it specifically enables read-write capabilities 2) I have installed the GEMS program and played with it 3) I have seen the user manuals, technical manuals, hardware manuals, installation instructions
Therefore, the information was accurate
As for left-wing journalist: Jim March, the person who found the files and posted the new Diebold stash for download, is a Republican/Libertarian gun activist. More on his point of view here: http://www.blackboxvoting.org/JimMarch2.htm
Cheers.
Bev
-
You can find your SLO file here: http://www.equalccw.com/dieboldtestnotes.html
The file is inside a zip directory, and the date stamp was intact, but more important is the audit log it contains, which has about a thousand events logged going back to spring 2000. The file was clearly saved on election day, and the SLO County election supervisor admitted that to me today.
There are ways to prevent pushing data in, but remember we are talking to people whose eyes glaze over if you get technical, and since I've seen the source code, run the programs, and have seen the tech manuals, installation guides, user manuals and parts list, I feel that I represented the situation fairly.
Bev Harris
-
Link to software and files in question
The software and files in question may be found at http://www.equalccw.com/dieboldtestnotes.html
-
Re:Slashdot is a small portion of the public
I don't see how some 57 voting machines could have accidentally opened an FTP connection to the Diebold FTP site and uploaded the .mdb files into "orig.zip" and password protected the archive with the name of a Diebold employee, then flagged them for said employee.
And yes, an MS Access .mdb file. They are Windows machines, you know ;)
This may be of interest.
-
The Johns Hopkins study isn't the worst of it
The Johns Hopkins study isn't the worst of it. There is apparently a second report by some people who took a more detailed look at how the software stores data. It turns out that the format is MS Access, security is based on obscurity and that audit log entries aren't numbered.
http://www.equalccw.com/voteprar.html has links that go into more detail on this subject.
Cheers,
Coward 132-213