Obviously, that a company which specializes in encryption gets hacked is rather idiotic. If that's true, they need to step out of the arena for good, because the product they were offering was encryption to "protect" our votes.
Now, what many of you might not know is that the VoteHere source code has been used in entrapment attempts. Specifically, with me, and I documented the entrapment effort at the time. Pure retaliatory crap designed to find a way to get activists to shut up.
Next, it is not surprising they will try to link it to the Diebold files. But that's bullshit, too, and here's why:
The FTP site wasn't hacked, it was sitting there. Look in any user manual and you'll see the address.
The memos weren't hacked either, they were obtained with an employee ID number.
Now, are you ready for this? I've had dealings with both the Diebold memo leaker and this supposed "VoteHere" hacker. The second person is NOT the same as the first, and I find it extremely interesting that VoteHere is trying to claim it's the same person. I am dead-certain it's not.
This "VoteHere" hacker tried to dump the VoteHere source code on me; it was simply dumb; first of all, VoteHere was supposed to be going public with its source code, so who in their right mind would want to steal it. I certainly didn't want to touch it.
Then this "VoteHere" hacker agreed to a telephone interview with me. He made some claims about who he was, but was unaware that I had additional information from inside sources that would allow me to test the veracity of his claims. The first question I asked was a test question; he put me on "hold" and then came back and offered a lame-ass guess which immediately caused him to fail the ID contest.
I believe this is going to turn into an entrapment scheme. Some activist somewhere is going to get nailed, probably that's already in the works. That's because they were running around offering this honey pot and, unfortunately, some naive activist probably bit on it.
By the way, I asked the supposed "hacker" point blank how hard it was to hack into a company that specializes in encryption. Every time I asked a tough question, he had to put me on hold and go ask someone what to say. His answer was totally unconvincing.
The voice on the phone was quite distinctive, and matches another voice I've heard on the phone. I will be only too delighted to share what I know with the authorities. Just hope I get an honest cop.
The timing on this is very interesting. The chairman of VoteHere, Ralph Munro, is former Washington State Secretary of State and a few things are starting to pop in relation to the use of unauthorized voting software under his watch, and an ethics complaint that's being filed, or has been filed.
I'll be on the Mike Webb Show at 11 p.m. tonight (Pacific time) and will discuss this at more length.
The original file with the memos is 1.8 gigs and contains a lot of information not in the memo stash at IndyMedia, including dozens of actual vote databases and a gigantic directory called Bugzilla. Here's information from Black Box Voting, Chapter 9
Rob: "And then when we loaded the software to fix that, the machines were still acting ridiculous. I was saying, 'This is not good! We need some people that know what this stuff is supposed to do, from McKinney, NOW! These
machines, nobody knows what they're doing but Diebold, you need some people to fix them that know what's going on. They finally brought in guys, they ended up bringing in about 4 people...
You'd think that with such troubles, someone might follow standard company
procedure and write up a bug report.
"All bugs ever reported have bug numbers," wrote Ken Clark in a memo
dated Jan. 10, 2003, pointing out that the whole collection can be found in "Bugzilla."
So I went looking for Bugzilla reports from Georgia. My goodness. They weren't
there.
Bugzilla report numbers 1150-2150 correspond with June-Oct. 2002, but
although hundreds of these bug numbers are mentioned in memos and release
notes, I only found 75 Bugzilla reports for this time period, and none from Georgia.
Strange. I was looking forward to reading the explanations about how computers
can get up in the morning and announce that they have no brain [mentioned on an earlier page]. Aha --
Here's a memo about missing Bugzilla files: It's dated 8 Jul 2002, from principal
engineer Ken Clark.
Subject: bugzilla down, we are working on it. "We suffered a rather
catastrophic failure of the Bugzilla database," he writes. He warns that recovery
of the bugzilla reports "will be ugly" and adds that "there will be a large number of
missing bugs."
In a follow up note on July 16, Clark says "Some bugs were irrecoverably
lost and they will have to be re-found and re-submitted, but overall the loss was
relatively minor."
...among programmers, system backups are a religion. People are fired for not performing
a daily backup. Some programming shops back up every shift. Because
backups are critically important, expensive automated tape systems are employed
to minimize any data loss. By our estimation, almost a thousand bug reports are
missing, including all the Georgia bugs.
Black Box Voting publisher David Allen had a lengthy five-minute segment on Fox News at dinner hour on the East Coast. They led in throwing fish around saying "something is smelly."
We were also covered last week in the New York Times and USA Today. For many more details about the Rob Georgia story from WiredNews, download the new Chapter 9 pdf for the Black Box Voting book -- as of this writing, BlackBoxVoting.com is once again taken down, again for a bogus spam harrassment report -- conveniently, within 12 hours of posting this new chapter -- so you'll have to go to a backup site to download the chapter. The BlackBoxVoting.org site is still down due to a Diebold DMCA action.
In Chapter 9, you'll see that Diebold also seems to have lost the bug reports from Georgia and that internal memos show that six or seven patches were done, not just one. This went all the way to the president of Diebold, who at one point yelled at Rob "We don't need YOU airing OUR dirty laundry!"
I found the source code on their wide open web site (using the google search engine) in January.
The memos were sent to me by an insider, and I just got them 2 1/2 weeks ago.
This is important, because one is similar to software piracy (though debatable, because they are under some obligation to protect things if they want to call them trade secrets, and no one in their right mind would want to pirate this system, called "junk shit" by their own technicians, to resell it.
The memos, though, are just internal communications that were leaked, and once leaked and public, which they certainly are by now, when used only for fair use reasons in the public interest, the legal issues are quite different.
Just one question: Can I quote you on this? Wonderful post. And if you want your real name under the quote, email me at bev_blackboxvoting@yahoo.com
Yeah. They shut down my web site and even my normal email is messed up, it's an alias that funnels through to a real one, and even that one got discombobulated.
This is a SEARCH ENGINE, folks, that finds the Diebold memos. What's next -- Google?
"The purpose of this letter is to advise you of our clients' rights and to seek your agreement to the following: To remove from the web site the Diebold Property, and to remove or disable the information location tools (including any associated indices used for searching) contained therein as identified in the attached chart and to destroy any backup copies of the Diebold Property and/or information location tools, including associated indices, that are contained on your server."
Diebold objected to publishing a link to a foreign web site which in turn published links to the Diebold memos, and our ISP caved. More on this here, and you'll find the letter from the Diebold attorney here -- and for a small hoot, please notice that the letter, which is not copyrighted, includes the link (three times) which they object to, and therefore republishing the letter telling people not to publish the link actually serves to publish the link.
Here is what I have been doing all day:
Reporter: Why is Diebold sending cease and desists? Me: Because they don't want anyone to see their memos Reporter: Oh. What is in the memos? Me: Oh, things about security flaws and using uncertified software and using cell phones to intercept and transfer votes and discussions of how to fake things... Reporter: Wow. Where can I download these? Me: At this web site Reporter: Okay I'm going there now, okay, it's downloading, when I'm done will you give me a guided tour? Me: Sure. And here is a neat little web page where you just enter any search term and it instantly searches and find you the Diebold memos that match Reporter: What search terms should I start with? Me: Try "boogie man" and also "hack" "cel phone" "broken" "fake" and one of my personal favorites, "What good are rules" Reporter: I'll try that "what good are rules" one. Found it. Gosh, what is he doing? Is that legal? Me: No.
And so it goes. Excellent plan, Diebold. Yes, shut down a web site, that'll help.
Besides reporters, the memos were downloaded today by the U.S. House of Representatives.
There is a sort of whack-a-mole activity going on with Diebold; so far it has filed six cease & desist orders but the entire stash of 15,000 memos keeps popping up. For the latest link, visit www.blackboxvoting.org and judge for yourself. Thought you'd be interested in this exchange:
Sent: Wednesday, January 17, 2001 8:07 AM
"Hi Nel, Sophie & Guy (you to John), I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb".
"I would appreciate an explanation on why the memory cards start giving check sum messages. We had this happen in several precincts and one of these precincts managed to get her memory card out of election mode and then back in it, continued to read ballots, not realizing that the 300+ ballots she had read earlier were no longer stored in her memory card . Needless to say when we did our hand count this was discovered.
"Any explantations you all can give me will be greatly appreciated.
Thanks bunches,
Lana "
followup:
Date: Thu, 18 Jan 2001 15:44:50 -0500
"There are two separate issues/problems that are getting combined in this stream.
"- a check sum error occurred which the poll worker reset and continued counting the card "did not" require downloading before be reset. She never reran the previously counted ballots and this resulted in some negative PR post election. So that is Lana's primary question, how did this happen? Ken explanation sounds like a good one and will not require a line for VTS if we can ever get to GEMS.
"- the negative numbers on media display occurred when Lana attempted to reupload a card or duplicate card. Sophia and Tab may be able to shed some light here, keeping in mind that the boogie man may me reading our mail. Do we know how this could occur? "
NOTES
Sophia was the Diebold tech involved with the San Luis Obispo vote tally that appeared on the Internet five hours before poll closing.
Sophia is also the King County tech rep -- note the Ken Clark alter the audit log memo, talking about doing "end runs" around the voting system -- "King County is famous for it"
followup: possibility of "unauthorised source
Date: Thu, 18 Jan 2001 13:31:04 -0800
"John,
"Here is all the information I have about the 'negative' counts.
"Only the presidential totals were incorrect. All the other races the sum of the votes + under votes + blank votes = sum of ballots cast.
The problem precinct had two memcory [sic] cards uploaded. The second one is the one I believe caused the problem. They were uploaded on the same port approx. 1 hour apart. As far as I know there should only have been one memory card uploaded. I asked you to check this out when the problem first occured but have not heard back as to whether this is true.
"When the precinct was cleared and re-uploaded (only one memory card as far as I know) everything was fine.
"Given that we transfer data in ascii form not binary and given the way the data was 'invalid' the error could not have occured during transmission. Therefore the error could only occur in one of four ways:
"Corrupt memory card. This is the most likely explaination for the problem but since I know nothing about the 'second' memory card I have no ability to confirm the probability of this.
"Invalid read from good memory card. This is unlikely since the candidates results for the race are not all read at the same time and the corruption was limited to a single race. There is a possiblilty that a section of the memory card was bad but since I do not know anything more about the 'second' memory card I cannot validate this.
"Corruption of memory, whether on the host or Accu-Vote
Seminole County is in the Diebold internal memos, though Volusia County memos are much worse than Seminole. Just because you saw no problems does not mean there were none. The problem discussed in Salon.com affects your fill-in-the-dot ballots and touch screens equally.
The problem is, no one looks at the paper ballots, even in a recount -- they just run them through the machines again.
In the Diebold memos is a fascinating bit about Volusia County. Diebold machines apparently gave Al Gore MINUS 16,022 votes. Just a glitch, said the news media.
Not quite -- the internal memos show that the programmers couldn't quite explain it, but what they DO know is that two different memory cards were uploaded, card #0 (correct totals) and one hour later, card #3 (all totals correct except for the presidential race). Card #3 has since been misplaced, darn it, no one can find it. And in the memos (triggered by a pesky Florida auditor, doggone those people) as they struggle to come up with a plausible explanation one of them cautions the others to be careful, "you never know when the boogie man is reading these."
Just so you know: I have never "published articles in Conspiracy Planet."
Just as the Salon.com article was picked up here at Slashdot, Conspiracy Planet picks up articles from wherever it wants. It copied an article that was in Scoop Media. The Seattle Times reporter was somewhat misleading, and he was determined to get the word "conspiracy" into the article somehow.
I put him on notice that if he called me a conspiracy theorist, he would have to back that up with facts or I would require the editors to print a correction. Then he said "well, I'll just print what others say about you."
This guy did everything but stand on his head to slant the story, but I blocked most of the efforts. Something he fails to report in his story is that the Microsoft Access hack that is the subject of the Scoop Media article, the Ken Clark memo, and the Salon.com article (and was vetted out right here on Slashdot) -- well, I demonstrated that hack in front of the Seattle Times reporter, the IT guy for the Times, and a Seattle Times photographer, who commented, "Wow. This shows you can rig an election."
The reporter's use of the "Conspiracy Planet" reference was pretty disengenuous, when you realize that he knew damn well my work has also been covered in the Washington Post, AP Wire service, the San Francisco Chronicle, and CNN.
As you can see, I'm getting sick of the "conspiracy" label, since I've broken seven stories in a row on the voting issue and every one of them has checked out and, eventually, been picked up by the mainstream media, albeit haltingly. For a long time I just ignored it, but now, when reporters try to go there, I tell them to back it up or get hit with a correction, and if they don't correct, a libel suit.
Sad that it has to come to this -- printing facts is not the same thing as being a tinfoil hatter. What I do is scrutiny, and my facts check out.
They admit it was real votes in the middle of the day. But if you want to see the specifics of why we knew it was real votes and the time stamp was accurate (it was not the FTP stamp, it was the file save date on a file inside a zip directory, backed up by dozens of automatic audit log items) -- and we knew it was not just that the clock was wrong because more votes appeared in the final tally.
The two-way modem info was simplistic, but all broadcast media that goes to general interest audiences is. They had that music on, going-going-going to commercial...but more importantly,
I knew that the two-way communications are possible because 1) I have seen the source code and it specifically enables read-write capabilities 2) I have installed the GEMS program and played with it 3) I have seen the user manuals, technical manuals, hardware manuals, installation instructions
Therefore, the information was accurate
As for left-wing journalist: Jim March, the person who found the files and posted the new Diebold stash for download, is a Republican/Libertarian gun activist. More on his point of view here: http://www.blackboxvoting.org/JimMarch2.htm
So many ways to rig an insecure system, such lovely possibilities:
Select candidates at the primary level so even if the other side wins, they lose
Use your new electronic voter registration capabilities (run by Diebold also) to dump every geezer in a nursing home bed into the system, and
Use your new electronic sign-in method (Diebold smart cards) to turn the polling place check-in into bits and bytes and
Stuff the electronic ballot box using the geezer votes
Wow. Are we having fun yet?
It could be either party, or some bearded guy sitting in a cave in the Middle East, for all we know, as long as he has a modem and some hacker buddies.
but they refuse to use it. Cost of paper for a large metro precinct: $15
But they are paying $200,000 for a massive PR campaign to dissuade people from thinking we need a paper trail.
Here's a concept: Use the fairly robust printer that is already built into the Diebold touch screens. Use the paper that's already in there because it prints a report when the polls close. Print ballots and use the ballot boxes you already have because you've had them for a hundred years, put the paper ballot in there after We, the People, verify our vote, and then audit the machines in a halfway sensible way.
I think the Diebold machines can't possibly qualify. They are required to be certified by Independent Testing Authorities (there is only one that does the software, called Ciber, and one man there has been in charge of this for several years. Here he is:
He has bounced from one certifier to another because they all keep dropping it. Whoever picks it up, the same guy ends up doing the testing.
Despite two formal public records requests, we have not been able to get hold of any copy of any certification document for the Diebold touch screen machines, and when we have called the only contact person you are allowed to call, R. Doug Lewis, he has hung up on four people in a row.
The file inside a zip directory, and the date stamp was intact, but more important is the audit log it contains, which has about a thousand events logged going back to spring 2000. The file was clearly saved on election day, and the SLO County election supervisor admitted that to me today.
There are ways to prevent pushing data in, but remember we are talking to people whose eyes glaze over if you get technical, and since I've seen the source code, run the programs, and have seen the tech manuals, installation guides, user manuals and parts list, I feel that I represented the situation fairly.
that they did it one-way. In fact, they specifically put in a read-write function in the Windows CE source code, overwriting the instructions by BSquare, who did the CE programming, that it must remain read-only. They also removed the requirement for authentications.
Have the tech manuals, user manuals, setup guidelines. No evidence that anything they did was one-way, plenty of evidence that it hung the welcome sign out for hackers.
The machines are in the precincts, then they send results to a central count machine which tabulates them. The file was created by the GEMS server, not by the precincts. It contained votes from 57 precincts.
The biggest problem of all, for Diebold: They claim the Hopkins/Rice report which identified "stunning, stunning security flaws" was flawed because they have such bulletproof physical security around these machines.
Supposedly, only the county supervisor can access the carefully protected GEMS machine. Okay, if that's the case, and I spoke with the county supervisor today, and she says that neither she nor any of her staff put that GEMS file on the computer, and she admits that it has real votes in it --
Then who put it on the server? I'll tell you who it appears to be: The file had a password. The password was "sophia" and a Diebold employee named Sophia was at the San Luis Obispo elections office that day.
Wait a minute, though -- what happened to Diebold's bulletproof physical security argument? How did Sophia grab a gigantic file (you can download this file, here's a page with the link -- how did that file get from the safe and secure GEMS computer to the Diebold web site?
Oh yes, and the county supervisor told me her machine was not connected to the web.
Money = paper trail. When you go to the ATM you get money. That is your paper trail. You also get a receipt. That makes two paper trails.
The touch screen machines come with a fairly robust printer inside them already, and it costs only $15 to put paper in it for a large metro precinct. Print the ballot, keep it in a ballot box, do a decent audit.
That's the whole issue, and the understory is this: Why are they trying so hard to avoid this simple solution?
the encryption key on the public FTP site and left it there for six years.
Actually, they say they use 32 bit encryption, which, when I spoke with Hopkins/Rice Report research Dan Wallach, he indicated could be broken within a minute with a commercial encryption-cracking device -- and even that weenie process, they use incorrectly.
It gets worse and worse. You should see what they did to Windows.
because a bunch of defense contractors and crony-connected "procurement" agencies back-roomed in the HAVA bill -- see My Meeting with the Black Box Yakuza
David Allen got the password for a secret teleconference of voting company insiders, plus the head of "The Election Center" which is supposed to represent We, the People, and a lobbyist telling the voting machine vendors to pony up $200,000 in a week for a PR blitz, due to the fact that the industry is in trouble.
Much talk was made about making sure no one in the media found out about it; imagine their chagrin when Scoop Media (that pesky New Zealand web site) had a transcript and the proposal document on the web within half an hour.
In this meeting, the vendors asked if Lockheed-Martin and Northrop Grumman and others could help them with this PR fiasco "like they helped with the HAVA bill." A subtle but rather stunning exchange followed where they all discussed how the defense contractors and procurers (and they named them: Lockheed-Martin, Northrop-Grumman, EDS and Accenture) were the driving force behind the bill for new voting machines, and that it was done specifically for profit motives.
And these were the insiders, folks. I will not be surprised if soon, that pesky New Zealand site posts an MP3 sound track of that meeting.
California allows only one-half of one percent of the precincts in the state to be audited. That means, if you rig an optical scan machine, you have a 99.5% chance of going undetected.
Add to that the ubiquitous "computer glitch" which seems to the the plausible deniability excuse of choice. Do a Lexis-Nexis search with the words "glitch" and "election" and you'll see that many elections have been miscounted by these machines, including many that flip the race to the wrong candidate, even when the contest is not particularly close.
Bev Harris
Black Box Voting
Gun activist posts the Diebold files on new download site: "Make My Day," he challenges the lawyers -- "You are cordially invited to bite me"
Slashdot Mirror
Now, what many of you might not know is that the VoteHere source code has been used in entrapment attempts. Specifically, with me, and I documented the entrapment effort at the time. Pure retaliatory crap designed to find a way to get activists to shut up.
Next, it is not surprising they will try to link it to the Diebold files. But that's bullshit, too, and here's why:
The FTP site wasn't hacked, it was sitting there. Look in any user manual and you'll see the address.
The memos weren't hacked either, they were obtained with an employee ID number.
Now, are you ready for this? I've had dealings with both the Diebold memo leaker and this supposed "VoteHere" hacker. The second person is NOT the same as the first, and I find it extremely interesting that VoteHere is trying to claim it's the same person. I am dead-certain it's not.
This "VoteHere" hacker tried to dump the VoteHere source code on me; it was simply dumb; first of all, VoteHere was supposed to be going public with its source code, so who in their right mind would want to steal it. I certainly didn't want to touch it.
Then this "VoteHere" hacker agreed to a telephone interview with me. He made some claims about who he was, but was unaware that I had additional information from inside sources that would allow me to test the veracity of his claims. The first question I asked was a test question; he put me on "hold" and then came back and offered a lame-ass guess which immediately caused him to fail the ID contest.
I believe this is going to turn into an entrapment scheme. Some activist somewhere is going to get nailed, probably that's already in the works. That's because they were running around offering this honey pot and, unfortunately, some naive activist probably bit on it.
By the way, I asked the supposed "hacker" point blank how hard it was to hack into a company that specializes in encryption. Every time I asked a tough question, he had to put me on hold and go ask someone what to say. His answer was totally unconvincing.
The voice on the phone was quite distinctive, and matches another voice I've heard on the phone. I will be only too delighted to share what I know with the authorities. Just hope I get an honest cop.
The timing on this is very interesting. The chairman of VoteHere, Ralph Munro, is former Washington State Secretary of State and a few things are starting to pop in relation to the use of unauthorized voting software under his watch, and an ethics complaint that's being filed, or has been filed.
I'll be on the Mike Webb Show at 11 p.m. tonight (Pacific time) and will discuss this at more length.
Bev Harris
Black Box Voting
Rob: "And then when we loaded the software to fix that, the machines were still acting ridiculous. I was saying, 'This is not good! We need some people that know what this stuff is supposed to do, from McKinney, NOW! These machines, nobody knows what they're doing but Diebold, you need some people to fix them that know what's going on. They finally brought in guys, they ended up bringing in about 4 people...
You'd think that with such troubles, someone might follow standard company procedure and write up a bug report.
"All bugs ever reported have bug numbers," wrote Ken Clark in a memo dated Jan. 10, 2003, pointing out that the whole collection can be found in "Bugzilla." So I went looking for Bugzilla reports from Georgia. My goodness. They weren't there.
Bugzilla report numbers 1150-2150 correspond with June-Oct. 2002, but although hundreds of these bug numbers are mentioned in memos and release notes, I only found 75 Bugzilla reports for this time period, and none from Georgia. Strange. I was looking forward to reading the explanations about how computers can get up in the morning and announce that they have no brain [mentioned on an earlier page]. Aha -- Here's a memo about missing Bugzilla files: It's dated 8 Jul 2002, from principal engineer Ken Clark.
Subject: bugzilla down, we are working on it. "We suffered a rather catastrophic failure of the Bugzilla database," he writes. He warns that recovery of the bugzilla reports "will be ugly" and adds that "there will be a large number of missing bugs."
In a follow up note on July 16, Clark says "Some bugs were irrecoverably lost and they will have to be re-found and re-submitted, but overall the loss was relatively minor."
Bev Harris Black Box Voting
We were also covered last week in the New York Times and USA Today. For many more details about the Rob Georgia story from WiredNews, download the new Chapter 9 pdf for the Black Box Voting book -- as of this writing, BlackBoxVoting.com is once again taken down, again for a bogus spam harrassment report -- conveniently, within 12 hours of posting this new chapter -- so you'll have to go to a backup site to download the chapter. The BlackBoxVoting.org site is still down due to a Diebold DMCA action.
In Chapter 9, you'll see that Diebold also seems to have lost the bug reports from Georgia and that internal memos show that six or seven patches were done, not just one. This went all the way to the president of Diebold, who at one point yelled at Rob "We don't need YOU airing OUR dirty laundry!"
Nice folks, lovely voting system.
Bev Harris Author of Black Box Voting
and you'll be happy to know they can do this by land line modem, wireless modem or cell phone.
The memos were sent to me by an insider, and I just got them 2 1/2 weeks ago.
This is important, because one is similar to software piracy (though debatable, because they are under some obligation to protect things if they want to call them trade secrets, and no one in their right mind would want to pirate this system, called "junk shit" by their own technicians, to resell it.
The memos, though, are just internal communications that were leaked, and once leaked and public, which they certainly are by now, when used only for fair use reasons in the public interest, the legal issues are quite different.
Yeah. They shut down my web site and even my normal email is messed up, it's an alias that funnels through to a real one, and even that one got discombobulated.
Anyway -- great post, thanks and heh.
Bev
This is a SEARCH ENGINE, folks, that finds the Diebold memos. What's next -- Google?
"The purpose of this letter is to advise you of our clients' rights and to seek your agreement to the following: To remove from the web site the Diebold Property, and to remove or disable the information location tools (including any associated indices used for searching) contained therein as identified in the attached chart and to destroy any backup copies of the Diebold Property and/or information location tools, including associated indices, that are contained on your server."
Here is what I have been doing all day:
Reporter: Why is Diebold sending cease and desists?
Me: Because they don't want anyone to see their memos
Reporter: Oh. What is in the memos?
Me: Oh, things about security flaws and using uncertified software and using cell phones to intercept and transfer votes and discussions of how to fake things...
Reporter: Wow. Where can I download these?
Me: At this web site
Reporter: Okay I'm going there now, okay, it's downloading, when I'm done will you give me a guided tour?
Me: Sure. And here is a neat little web page where you just enter any search term and it instantly searches and find you the Diebold memos that match
Reporter: What search terms should I start with?
Me: Try "boogie man" and also "hack" "cel phone" "broken" "fake" and one of my personal favorites, "What good are rules"
Reporter: I'll try that "what good are rules" one. Found it. Gosh, what is he doing? Is that legal?
Me: No.
And so it goes. Excellent plan, Diebold. Yes, shut down a web site, that'll help.
Besides reporters, the memos were downloaded today by the U.S. House of Representatives.
Well I should have edited that title
They are demanding that the links on BlackBoxVoting.org be disabled. I will get the photocopy of this absurd letter posted on www.blackboxvoting.org
Sent: Wednesday, January 17, 2001 8:07 AM
"Hi Nel, Sophie & Guy (you to John), I need some answers! Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here "looking dumb".
"I would appreciate an explanation on why the memory cards start giving check sum messages. We had this happen in several precincts and one of these precincts managed to get her memory card out of election mode and then back in it, continued to read ballots, not realizing that the 300+ ballots she had read earlier were no longer stored in her memory card . Needless to say when we did our hand count this was discovered.
"Any explantations you all can give me will be greatly appreciated.
Thanks bunches,
Lana
"
followup:
Date: Thu, 18 Jan 2001 15:44:50 -0500
"There are two separate issues/problems that are getting combined in this stream.
"- a check sum error occurred which the poll worker reset and continued counting the card "did not" require downloading before be reset. She never reran the previously counted ballots and this resulted in some negative PR post election. So that is Lana's primary question, how did this happen? Ken explanation sounds like a good one and will not require a line for VTS if we can ever get to GEMS.
"- the negative numbers on media display occurred when Lana attempted to reupload a card or duplicate card. Sophia and Tab may be able to shed some light here, keeping in mind that the boogie man may me reading our mail. Do we know how this could occur? "
NOTES
Sophia was the Diebold tech involved with the San Luis Obispo vote tally that appeared on the Internet five hours before poll closing.
Sophia is also the King County tech rep -- note the Ken Clark alter the audit log memo, talking about doing "end runs" around the voting system -- "King County is famous for it"
followup: possibility of "unauthorised source
Date: Thu, 18 Jan 2001 13:31:04 -0800
"John,
"Here is all the information I have about the 'negative' counts.
"Only the presidential totals were incorrect. All the other races the sum of the votes + under votes + blank votes = sum of ballots cast. The problem precinct had two memcory [sic] cards uploaded. The second one is the one I believe caused the problem. They were uploaded on the same port approx. 1 hour apart. As far as I know there should only have been one memory card uploaded. I asked you to check this out when the problem first occured but have not heard back as to whether this is true.
"When the precinct was cleared and re-uploaded (only one memory card as far as I know) everything was fine.
"Given that we transfer data in ascii form not binary and given the way the data was 'invalid' the error could not have occured during transmission. Therefore the error could only occur in one of four ways:
"Corrupt memory card. This is the most likely explaination for the problem but since I know nothing about the 'second' memory card I have no ability to confirm the probability of this.
"Invalid read from good memory card. This is unlikely since the candidates results for the race are not all read at the same time and the corruption was limited to a single race. There is a possiblilty that a section of the memory card was bad but since I do not know anything more about the 'second' memory card I cannot validate this.
"Corruption of memory, whether on the host or Accu-Vote
The problem is, no one looks at the paper ballots, even in a recount -- they just run them through the machines again.
In the Diebold memos is a fascinating bit about Volusia County. Diebold machines apparently gave Al Gore MINUS 16,022 votes. Just a glitch, said the news media.
Not quite -- the internal memos show that the programmers couldn't quite explain it, but what they DO know is that two different memory cards were uploaded, card #0 (correct totals) and one hour later, card #3 (all totals correct except for the presidential race). Card #3 has since been misplaced, darn it, no one can find it. And in the memos (triggered by a pesky Florida auditor, doggone those people) as they struggle to come up with a plausible explanation one of them cautions the others to be careful, "you never know when the boogie man is reading these."
You can find this memo and commentary on it at www.blackboxvoting.com and you can find a link to ALL the memos at the activism site, www.blackboxvoting.org
Just as the Salon.com article was picked up here at Slashdot, Conspiracy Planet picks up articles from wherever it wants. It copied an article that was in Scoop Media. The Seattle Times reporter was somewhat misleading, and he was determined to get the word "conspiracy" into the article somehow.
I put him on notice that if he called me a conspiracy theorist, he would have to back that up with facts or I would require the editors to print a correction. Then he said "well, I'll just print what others say about you."
This guy did everything but stand on his head to slant the story, but I blocked most of the efforts. Something he fails to report in his story is that the Microsoft Access hack that is the subject of the Scoop Media article, the Ken Clark memo, and the Salon.com article (and was vetted out right here on Slashdot) -- well, I demonstrated that hack in front of the Seattle Times reporter, the IT guy for the Times, and a Seattle Times photographer, who commented, "Wow. This shows you can rig an election."
The reporter's use of the "Conspiracy Planet" reference was pretty disengenuous, when you realize that he knew damn well my work has also been covered in the Washington Post, AP Wire service, the San Francisco Chronicle, and CNN.
As you can see, I'm getting sick of the "conspiracy" label, since I've broken seven stories in a row on the voting issue and every one of them has checked out and, eventually, been picked up by the mainstream media, albeit haltingly. For a long time I just ignored it, but now, when reporters try to go there, I tell them to back it up or get hit with a correction, and if they don't correct, a libel suit.
Sad that it has to come to this -- printing facts is not the same thing as being a tinfoil hatter. What I do is scrutiny, and my facts check out.
Bev Harris
100,000 kb in Microsoft Access form.
http://www.equalccw.com/dieboldtestnotes.html
Download it and look for yourself.
They admit it was real votes in the middle of the day. But if you want to see the specifics of why we knew it was real votes and the time stamp was accurate (it was not the FTP stamp, it was the file save date on a file inside a zip directory, backed up by dozens of automatic audit log items) -- and we knew it was not just that the clock was wrong because more votes appeared in the final tally.
Anyway, the details are here: Oooof! Proof?
The two-way modem info was simplistic, but all broadcast media that goes to general interest audiences is. They had that music on, going-going-going to commercial...but more importantly,
I knew that the two-way communications are possible because 1) I have seen the source code and it specifically enables read-write capabilities 2) I have installed the GEMS program and played with it 3) I have seen the user manuals, technical manuals, hardware manuals, installation instructions
Therefore, the information was accurate
As for left-wing journalist: Jim March, the person who found the files and posted the new Diebold stash for download, is a Republican/Libertarian gun activist. More on his point of view here: http://www.blackboxvoting.org/JimMarch2.htm
Cheers.
Bev
Select candidates at the primary level so even if the other side wins, they lose
Use your new electronic voter registration capabilities (run by Diebold also) to dump every geezer in a nursing home bed into the system, and
Use your new electronic sign-in method (Diebold smart cards) to turn the polling place check-in into bits and bytes and
Stuff the electronic ballot box using the geezer votes
Wow. Are we having fun yet?
It could be either party, or some bearded guy sitting in a cave in the Middle East, for all we know, as long as he has a modem and some hacker buddies.
Bev Harris
But they are paying $200,000 for a massive PR campaign to dissuade people from thinking we need a paper trail.
Here's a concept: Use the fairly robust printer that is already built into the Diebold touch screens. Use the paper that's already in there because it prints a report when the polls close. Print ballots and use the ballot boxes you already have because you've had them for a hundred years, put the paper ballot in there after We, the People, verify our vote, and then audit the machines in a halfway sensible way.
Bev Harris
Shawn Southworth
He has bounced from one certifier to another because they all keep dropping it. Whoever picks it up, the same guy ends up doing the testing.
Despite two formal public records requests, we have not been able to get hold of any copy of any certification document for the Diebold touch screen machines, and when we have called the only contact person you are allowed to call, R. Doug Lewis, he has hung up on four people in a row.
Bev Harris
The file inside a zip directory, and the date stamp was intact, but more important is the audit log it contains, which has about a thousand events logged going back to spring 2000. The file was clearly saved on election day, and the SLO County election supervisor admitted that to me today.
There are ways to prevent pushing data in, but remember we are talking to people whose eyes glaze over if you get technical, and since I've seen the source code, run the programs, and have seen the tech manuals, installation guides, user manuals and parts list, I feel that I represented the situation fairly.
Bev Harris
Have the tech manuals, user manuals, setup guidelines. No evidence that anything they did was one-way, plenty of evidence that it hung the welcome sign out for hackers.
Bev Harris
The biggest problem of all, for Diebold: They claim the Hopkins/Rice report which identified "stunning, stunning security flaws" was flawed because they have such bulletproof physical security around these machines.
Supposedly, only the county supervisor can access the carefully protected GEMS machine. Okay, if that's the case, and I spoke with the county supervisor today, and she says that neither she nor any of her staff put that GEMS file on the computer, and she admits that it has real votes in it --
Then who put it on the server? I'll tell you who it appears to be: The file had a password. The password was "sophia" and a Diebold employee named Sophia was at the San Luis Obispo elections office that day.
Wait a minute, though -- what happened to Diebold's bulletproof physical security argument? How did Sophia grab a gigantic file (you can download this file, here's a page with the link -- how did that file get from the safe and secure GEMS computer to the Diebold web site?
Oh yes, and the county supervisor told me her machine was not connected to the web.
Bev Harris
The touch screen machines come with a fairly robust printer inside them already, and it costs only $15 to put paper in it for a large metro precinct. Print the ballot, keep it in a ballot box, do a decent audit.
That's the whole issue, and the understory is this: Why are they trying so hard to avoid this simple solution?
Bev Harris
Actually, they say they use 32 bit encryption, which, when I spoke with Hopkins/Rice Report research Dan Wallach, he indicated could be broken within a minute with a commercial encryption-cracking device -- and even that weenie process, they use incorrectly.
It gets worse and worse. You should see what they did to Windows.
Bev Harris
David Allen got the password for a secret teleconference of voting company insiders, plus the head of "The Election Center" which is supposed to represent We, the People, and a lobbyist telling the voting machine vendors to pony up $200,000 in a week for a PR blitz, due to the fact that the industry is in trouble.
Much talk was made about making sure no one in the media found out about it; imagine their chagrin when Scoop Media (that pesky New Zealand web site) had a transcript and the proposal document on the web within half an hour.
In this meeting, the vendors asked if Lockheed-Martin and Northrop Grumman and others could help them with this PR fiasco "like they helped with the HAVA bill." A subtle but rather stunning exchange followed where they all discussed how the defense contractors and procurers (and they named them: Lockheed-Martin, Northrop-Grumman, EDS and Accenture) were the driving force behind the bill for new voting machines, and that it was done specifically for profit motives.
And these were the insiders, folks. I will not be surprised if soon, that pesky New Zealand site posts an MP3 sound track of that meeting.
Bev Harris
Black Box Voting
Add to that the ubiquitous "computer glitch" which seems to the the plausible deniability excuse of choice. Do a Lexis-Nexis search with the words "glitch" and "election" and you'll see that many elections have been miscounted by these machines, including many that flip the race to the wrong candidate, even when the contest is not particularly close.
Bev Harris
Black Box Voting
Gun activist posts the Diebold files on new download site: "Make My Day," he challenges the lawyers -- "You are cordially invited to bite me"