Diebold Election Audit Logs Defective

mtrachtenberg writes "Premier Election Solutions' (formerly Diebold) GEMS 1.18.19 election software audit logs don't record the deletion of ballots, don't always record correct dates, and can be deleted by the operator, either accidentally or intentionally. The California Secretary of State's office has just released a report about the situation (PDF) in the November 2008 election in Humboldt County, California (which we discussed at the time). Here's the California Secretary of State's links page on Diebold. The conclusion of the 13-page report reads: 'GEMS version 1.18.19 contains a serious software error that caused the omission of 197 ballots from the official results (which was subsequently corrected) in the November 4, 2008, General Election in Humboldt County. The potential for this error to corrupt election results is confined to jurisdictions that tally ballots using the GEMS Central Count Server. Key audit trail logs in GEMS version 1.18.19 do not record important operator interventions such as deletion of decks of ballots, assign inaccurate date and time stamps to events that are recorded, and can be deleted by the operator. The number of votes erroneously deleted from the election results reported by GEMS in this case greatly exceeds the maximum allowable error rate established by HAVA. In addition, each of the foregoing defects appears to violate the 1990 Voting System Standards to an extent that would have warranted failure of the GEMS version 1.18.19 system had they been detected and reported by the Independent Testing Authority that tested the system.'"

Old news

[canajin56]

is old. Its been known for years now. Its an Access database. Pretty sure you could reboot it, then hold down shift while it was starting to prevent the "auto-run" loading of the forms. And all the audit logs are just Visual Basic "triggers" that insert into a "log" table. Changing votes is as easy as going to the vote table and changing them. The Visual Basic triggers will be fired off, and insert crap into the logs. Then you just go to the log table and delete the new entries. There aren't logs of log changes or there would be an infinite loop of log entries, so you've just erased all record of your tampering. BlackBoxVoting.org has had detailed instructions up for as long as I've been hearing the name "Diebold".

Re:The real problem

[blueforce]

OR.... Diebold didn't make them, rather Premier Election Solutions did. Diebold bought Premier back in the early oughties when Wally O'Dell was CEO and had deep interest with the Bush administration. Your banking "issues" are from a completely separate company in a completely separate state.

http://www.rawstory.com/news/2005/Diebold_CEO_resigns_after_reports_of_1212.html

Re:Why Authentication is a good idea!

[Ironica]

The very polite woman looked away and told me that she CANNOT look at my ID Cards because of laws/rules. ...
What troubles me is that there was almost ZERO authentication! All I needed, was a name and to show up where that name would be likely registered and I could vote fraudulently. ...
I realized that this must be ON PURPOSE. But why? All I can conclude after much though is to allow fraud.

No... it's to allow everyone to vote, even if they don't have the money to get a state ID card.

There's no FREE form of authenticated ID. A passport costs $100. A California State ID Card costs $7 if you qualify for a reduced fee.

A state that provides authenticated ID at no charge might not have a state law requiring that people be allowed to vote without ID, but around here, requiring ID would be a financial barrier to voting.

Re:Fraud

[Ioldanach]

The "operator" is the casino, or bank. They trust themselves, if they make a mistake they're the ones that lose money. The "operator" of the ballot box is a member of the government who may have an axe to grind.

seems like shared responsibility

[Trepidity]

In most industrial settings, if something's built to a specification, and it's later discovered to have failed to meet the specification, the vendor's still at least partly liable, even if the customer failed to discover the defect in initial validation.