SAIC REPORT ON DIEBOLD POSTED!

EDIT - TYPO correction.

Getting link.

Unfortunately, a PDF doc and cut/paste disabled.

They downplay Rubin's report, using the the "must consider other controls" excuse, BUT

"This risk assessment has identified several high-ris vulnerabilities in the implementation of the managerial, operational and technical controls of the Accu-Vote TS system.

http://www.dbm.maryland.gov/dbm_search/technology/toc_voting_system_report/votingsystemreportfinal.pdf

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
1237 Elon Place
High Point, NC 27263
http://www.plan9.org

David,

Will you and/or Bev do a press release on this report? Timeliness is of the essence. I wish I could offer to help dissect the report, but its length (40 pages) scares me off a bit.

We hope to get something up soon. Just posted to bbv.com

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
http://www.plan9.org

EXECUTIVE SUMMARY

This report presents the results of a risk assessment of the AccuVote-TS voting system as currently implemented in Maryland by the State Board of Elections (SBE) and the Local Boards of Elections (LBEs). This Risk Assessment report includes evaluations of threats, vulnerabilities, security controls, and risks associated with the AccuVote-TS system and possible impacts to the State and the integrity of its elections process from successful exploitation of identified weaknesses.

This Risk Assessment was performed using the methodology documented in National Institute of Science and Technology (NIST) SP 800-30, Risk Management Guide for Information Technology Systems, and in the State of Maryland’s Certification and Accreditation Guidelines. This assessment consists of agency-directed, independent verification of systems, software, and processes associated with the system. This assessment provides an in-depth analysis of security controls, including comprehensive personnel interviews, documentation reviews, site surveys, and evaluation of the system’s hardware and software. Overall, this assessment measures the level of assurance that the security controls for the system are fully formed and documented, correctly implemented, and effective in their application.

Findings & Recommendations

In the course of this Risk Assessment, we reviewed the statements that were made by Aviel. D. Rubin, professor at Johns Hopkins University, in his report dated July 23, 2003. In general, SAIC made many of the same observations, when considering only the source code. While many of the statements made by Mr. Rubin were technically correct, it is clear that Mr. Rubin did not have a complete understanding of the State of Maryland’s implementation of the AccuVote-TS voting system, and the election process controls or environment. It must be noted that Mr. Rubin states this fact several times in his report and he further identifies the assumptions that he used to reach his conclusions. The State of Maryland procedural controls and general voting environment reduce or eliminate many of the vulnerabilities identified in the Rubin report. However, these controls, while sufficient to help mitigate the weaknesses identified in the July 23 report, do not, in many cases meet the standard of best practice or the State of Maryland Security Policy.

This Risk Assessment has identified several high-risk vulnerabilities in the implementation of the managerial, operational, and technical controls for AccuVote-TS voting system. If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results. In addition, successful exploitation of these vulnerabilities could also damage the reputation and interests of the SBE and the LBEs. This Risk Assessment also identified numerous vulnerabilities with a risk rating of medium and low that may have an impact upon AccuVote-TS voting if exploited.

This assessment of the current security controls within the AccuVote-TS voting system is dependent upon the system being isolated from any network connections. If any of the AccuVote-TS voting system components, as presently configured and architected, were connected to a network, the risk rating would immediately be raised to high for several of the identified vulnerabilities. SAIC recommends that a new risk assessment be performed prior to the implementation of a major change to the AccuVote-TS voting system. Additionally, SAIC recommends a similar assessment to be performed at least every three years, regardless of system modification.

We recommend that SBE immediately implement the following mitigation strategies to address the identified risks with a rating of high:

Bring the AccuVote-TS voting system into compliance with the State of Maryland Information Security Policy and Standards.

Consider the creation of a Chief Information Systems Security Officer (CISSO) position at SBE. This individual would be responsible for the secure operations of the AccuVote-TS voting system.

Develop a formal, documented, complete, and integrated set of standard policies and procedures. Apply these standard policies and procedures consistently through the LBEs in all jurisdictions.

Create a formal, System Security Plan. The plan should be consistent with the State of Maryland Information Security Policy and Standards, Code of Maryland Regulations (COMAR), Federal Election Commission (FEC) standards, and industry best practices.

Apply cryptographic protocols to protect transmission of vote tallies.

Require 100 percent verification of results transmitted to the media through separate count of PCMCIA cards containing the original votes cast.

Establish a formal process requiring the review of audit trails at both the application and operating system levels.

Provide formal information security awareness, training, and education program appropriate to each user’s level of access.

Review any system modifications through a formal, documented, risk assessment process to ensure that changes do not negate existing security controls. Perform a formal risk assessment following any major system modifications, or at least every three years.

Implement a formal, documented process to detect and respond to unauthorized transaction attempts by authorized and/or unauthorized users.

Establish a formal, documented set of procedures describing how the general support system identifies access to the system.

Change default passwords and passwords printed in documentation immediately.

Verify through established procedures that the ITA-certified version of software and firmware is loaded prior to product implementation.

Remove the SBE GEMS server immediately from any network connections. Rebuild the server from trusted media to assure and validate that the system has not been compromised. Remove all extraneous software not required for AccuVote-TS operation. Move the server to a secure location.

Modify procedures for the Logic and Accuracy (L&A) testing to include testing of time-oriented exploits (e.g., Trojans). <Redacted>

Discontinue the use of an FTP server to distribute the approved ballots.

Implement an iterative process to ensure that the integrity of the AccuVote-TS voting system is maintained throughout the lifecycle process.

The system, as implemented in policy, procedure, and technology, is at high risk of compromise. Application of the listed mitigations will reduce the risk to the system. Any computerized voting system implemented using the present set of policies and procedures would require these same mitigations.

(on edit: Included consistent use of italics with original document)

in her Salon.com lead story. Don't hook up the GEMS (main vote tally computer) to the damn internet, duh . . . Use passwords and encrypton, duh . . .

Note that there's still no mention of the paper trail. Hmmm . . .

NNnoooooooooooo!

<g>

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
http://www.plan9.org

It looks lie SAIC did the review for free... Why would they do that?

That is, SAIC wasn't give a new contract to do this since they already had a consulting contract in place with the state. Can someone else back me up on that?

Companies like SAIC don't get that big by doing work for free.

Did anyone else catch that story earlier this month about Australia Customs? Seems they had two "secure" servers wheeled right out of their offices by a couple of guys in fake uniforms. They've been in full-on damage control mode ever since, insisting that there was no valuable data on either one of them.

# MCKINNEY, Texas, Sept. 24 /PRNewswire-FirstCall/ -- Diebold Election Systems today commended Maryland Gov. Robert L. Ehrlich, Jr., and the state for undertaking the most exhaustive study to date into the security of an electronic voting system. By commissioning the highly-respected Science Applications International Corporation (SAIC) to conduct an independent study of all aspects of the Diebold system operating within the state's specific elections procedures, voters in the State of Maryland can now rest assured that they will participate in highly secure and accurate elections.(Logo: http://www.newscom.com/cgi-bin/prnh/20000608/DIEBLOGO )

"We are pleased to be moving forward," said Thomas W. Swidarski, president of Diebold Election Systems. "The thorough system assessment conducted by SAIC verifies that the Diebold voting station provides an unprecedented level of election security."

Unprecedented, indeed.


http://biz.yahoo.com/prnews/030924/clw045_1.html

During this risk assessment, SAIC has identified several high-risk vulnerabilities that, if exploited, could have significant impact upon the AccuVote-TS voting system operation. In addition, successful exploitation of these vulnerabilities could cause damage to the reputation and interests of the State Board of Elections (SBE) and the Local Boards of Elections (LBE). Also identified in this risk assessment are numerous vulnerabilities with a risk rating of medium and low. Tables 5.1 through 5.3 provide a high-level summary of the management, operational, and technical controls currently implemented.

This section provides a summary of the identified high-risk items in Sections 2.1, 2.2, and 2.3. Section 2.4 provides a summary of the review of the Rubin Report findings. In order to ensure the integrity of the AccuVote-TS voting system, all of the risks identified within this risk assessment should be considered. This assessment of the security controls within the AccuVote-TS voting system is dependent upon the system being isolated from any network connections. If any of the AccuVote-TS voting system components, as presently configured and architected, were connected to a network, the risk rating would immediately be raised to high for several of the identified vulnerabilities within this risk assessment. SAIC recommends that a new risk assessment be performed prior to the implementation of any major change to the AccuVote-TS voting system, and at least every three years.

2.1. Management Controls

2.1.1. AccuVote-TS voting system is not compliant with State of Maryland Information Security Policy & Standards

All Information Technology (IT) systems must be compliant with the State of Maryland Information Security Policy and Standards. The AccuVote-TS voting system does not meet all of these requirements.
Failure to meet the minimum security requirements set forth in the State of Maryland Information Security Policy and Standards indicates that the system is vulnerable to exploitation. The results of a successful attack could result in voting results being released too soon, altered, or destroyed. The impact of exploitation could lead to a failure of the elections process by failing to elect to office, or decide in a ballot measure, according to the will of the people. The impact could be a loss of voter confidence, embarrassment to the State, or release of incomplete or inaccurate election results to the media.

SAIC recommends that the SBE and the LBEs implement the mitigation strategies detailed in this Risk Assessment to bring the AccuVote-TS voting system into compliance with the State of Maryland Information Security Policy and Standards. To facilitate this compliance, we further recommend that the State consider the creation of a Chief Information Systems Security Officer (CISSO) position at SBE. This individual would be responsible for the secure operations of the AccuVote-TS voting system.

2.1.2. SBE has not ensured the integrity of the AccuVote-TS voting system

The State of Maryland and SBE have begun a process to ensure the integrity of the AccuVote-TS voting system as evidenced by initiating this Risk Assessment. In addition, the SBE and the LBE have established procedures for the AccuVote-TS voting system. However, these controls are neither complete, nor integrated.
Failure to ensure the integrity of the AccuVote-TS system could result in vital information being changed such that this information no longer accurately reflects the collective will of the voters.
We recommend that the SBE and the LBEs immediately implement the mitigation strategies detailed in this Risk Assessment for all “high” risk ratings. The SBE should create a formal, documented, complete, and integrated set of policies and procedures. These policies and procedures should be applied consistently by the LBE in each jurisdiction. In addition, the SBE should implement an iterative process to ensure that the integrity of the AccuVote-TS voting system is maintained throughout the life cycle process.

2.1.3. SBE has not created a System Security Plan

Currently, no formal documented System Security Plan exists for the AccuVote-TS voting system. The purpose of a System Security Plan is to provide an overview of the security requirements of the system and describe the controls in place or planned.
The absence of this plan could result in security controls have been missed, or if considered, implemented incompletely or incorrectly. Exploitation of any of the resultant security holes could lead to voting results being released too soon, altered, or destroyed. The impact of exploitation could lead to a failure of the elections process by failing to elect to office, or decide in a ballot measure, according to the will of the people. The impact could be a loss of voter confidence, embarrassment to the State, or release of incomplete or inaccurate election results to the media.
We recommend that the SBE develop and document a formal System Security Plan. The plan should be consistent with the State of Maryland Information Security Policy and Standards, Code of Maryland Regulations (COMAR), Federal Election Commission (FEC) standards, and industry best practices.

<lots more>

You can copy and paste a PDF by selecting the Text Select Tool, and highlighting the required text.

"The thorough system assessment conducted by SAIC verifies that the Diebold voting station provides an unprecedented level of election security."

The report says:

"This Risk Assessment has identified several high-risk vulnerabilities in the implementation of the managerial, operational, and technical controls for AccuVote-TS voting system. If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results."

David Allen
Plan Nine Publishing
http://www.plan9.org

whether or not that unprecedented level of election security was in a positive or negative direction.

Yes, everything about US elections since 2000 have been unprecedented.

"The thorough system assessment conducted by SAIC verifies that the Diebold voting station provides an unprecedented level of election security."

Cocoa would have been along any moment now to do that! :evilgrin:

I presume, anyway.

* Apply cryptographic protocols to protect transmission of vote tallies.

Eloriel

They're attempting to backdoor encryption, as was feared earlier.

And they want to verify acuracy by a count of the cards? That's not an independent audit trail!

Where's the voter-verified paper backup, dammit?!

You were on it so quickly, I thought you just indicated we should look for that -- but you found it in there.

Yup. Psst: VoteHere, c'mere.

There it is on page IV and page 5.

Interesting, too, that there is no system to do a 100% comparison of what's on the touch screens vs. what's on GEMS. Of course, VoteHere (implied) will solve everything.

We're just the little people. Let's not worry our little heads about it. Leave it to those big important public officials and the smart clever computer guys, they'll take care of us.

2.5. Overall Risk Rating

The system, as implemented in policy, procedure, and technology, is at high risk of compromise. Application of the listed mitigations will reduce the risk to the system. Any computerized voting system implemented using the present set of policies and procedures would require these same mitigations.

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
http://www.plan9.org

Did you miss the part (in your own quote) that says Application of the listed mitigations will reduce the risk to the system?

Why don't you quote from the Maryland press release? Allow me... it'll help make this thread a little more fair and balanced:

"In August, I ordered my administration to subject the Diebold machine and source code to the strictest of tests to ensure it met my high standards," Governor Ehrlich said. "This month, a third party analyst submitted to me a positive independent review indicating that the Diebold machine and source code, if operated properly, can contribute to one the safest, most secure election systems available. Because of this report, Maryland voters will have one of the safest election environments in the nation."

Governor Ehrlich in August ordered Science Application International Corp., (SAIC), under an existing contract for security services with the State, to conduct the independent analysis of the Diebold machine and its source code. The SAIC review responded in part to a report published by Aviel Rubin of Johns Hopkins University that questioned the use of the Diebold source code.

SAIC's independent review states, "While many of the statements made by Mr. Rubin were technically correct, it is clear that Mr. Rubin did not have a complete understanding of the State of Maryland's implementation of the AccuVote-TS voting system...The State of Maryland's procedural controls and general voting environment reduce or eliminate many of the vulnerabilities identified in the Rubin report."

SAIC's report continues, "Rubin states repeatedly that he does not know how the system operates in an election and he further identifies the assumptions that he used to reach his conclusions. In those cases where these assumptions concerning operational or management controls were incorrect, the resultant conclusions were, unsurprisingly, also incorrect."

Diebold has incorporated three new security features in response to the independent review. The enhancements include 1.) implementing a dynamic assignment of security keys to enable the State to determine the pass codes used by smart cards to access the system, 2.) incorporating encryption into the electronic transmission of election results, 3.) providing personal identification numbers for when election officials access the system. Additionally, in an effort to ensure maximum public confidence in the State's election system, the State Board of Elections is adopting the following recommendations by SAIC that further solidify its own election security system:


- Bring the AccuVote-TS voting system into compliance with the State of Maryland Information Security Policy and Standards
- Consider the creation of a Chief Information Systems Security Officer at the State Board of Elections
- Implement a formal, documented, complete, and integrated set of standard policies and procedures.
- Implement a formal, System Security Plan that is consistent with State Information Security Policy, Code of Maryland Regulations, Federal Elections Commission standards, and industry best practices
- Apply cryptographic protocols to protect the transmission of vote tallies
- Require 100% verification of unofficial election results
- Establish a formal process requiring the review of audit trails
- Provide formal information security awareness, training, and education appropriate to each user's level of access
- Review any system modifications through a formal, documented, risk assessment process to ensure that changes do not negate existing security controls,
- Implement a formal documented process to detect and respond to unauthorized transaction attempts
- Implement a formal, documented set of procedures describing how the general support system identifies access to the system
- Change default passwords and passwords printed in documentation.


You are once again misleading people, as is your typical practice. The truth is that SAIC identified various potential problems in both the technology and the election procedures in place by the state, and made a number of recommendations to both in order to mitigate any security issues. Diebold appears to have responded to the technical recommendations, and the state indicates it is revising its own procedures accordingly. Why do you leave all of that information out? I suspect it's because your agenda is all about selling books and not at all about improving the security of the election system.

I don't see the SAIC "whitewash" we were all promised. I don't see the endorsement of VoteHere's product that we were all promised. It seems to me that you people owe everyone here an apology.

JC

NT!

which should we believe?

They both say the same thing... potential issues were identified in both the technology and election procedures. The SAIC report makes recommendations for how to address them and mitigate their associated risks. The MD press release lists the SAIC recommendations and says they have been or will be implemented by both Diebold and themselves. Actually they both mention that the infamous Avi Rubin report was flawed because of his wild, incorrect assumptions and lack of knowledge of the complete system and procedures, too. Much like Rebecca Mercuri et al (and random nobodies such as myself) have already pointed out in the past.

I note that elsewhere on this thread you seem upset over the issue of redacted version numbers. If I interpret the MD press release correctly, it says that Diebold implemented some changes to address smart card security (a favorite of Rubin's, and the main thrust of the NYT article as I recall), encryption of result transmission (presumably between the voting terminal and GEMS -- another favorite of Rubin, as I recall), and something about personal identification numbers for election workers (whatever that's about). You should be ecstatic to see the bulk of Rubin's issues addressed, unless your support of his paper was entirely disingenuous to begin with. But back to version numbers. If Diebold implemented the described changes as recommended by the report, then it stands to reason that the version in question isn't one of the previously certified ones. In fact, it seems patently obvious... the software has (at a minimum) the listed changes. One presumes (although I don't see it stated in the press release) that Diebold or Maryland or whoever will take steps (if they haven't already done so) to certify the version with said changes. Well, *I* presume it, at any rate. Then again, I'm not a conspiracy theorist.

JC

Programmer, lookie here now, son. Your words are wasted. Diebold has been caught with their firewall down and all their dirty secrets are floating in cyberspace. What has transpired here on DU ever since Bev arrived is nothing short of historic. You will never convince more than a few sheep that it is any different.

A piece of advice: Don't quit your dayjob.

Your condescension is wasted on me, old-timer. Read the report... that'll make at least two of us.

JC

Don't have to read it all. But what I did read said that what Diebold sells is trash. The rest of it I will trust Bev and the rest to winnow out all I need to know. Unfortunately, you are of no help, although I imagine you could be, if you had enough wisdom. <g>

So what you're saying is you didn't read the report and you simply believe what Bev (who has admitted many times in the past has only the most tenuous grasp of anything remotely technical) tells you on the subject.

OK. I can't argue with that.


*looks around for signs of independent thought*

JC

Are you implying that the good folks in Maryland didn't read the report? :shrug: :evilgrin:

Message removed by moderator. Click here to review the message board rules.

If you read the entire sentence, The system, as implemented in policy, procedure, and technology, is at high risk of compromise." Not much wiggle room there! :evilgrin:

Had it not been for the determination of Bev, DemActivist and many others, this study NEVER WOULD HAVE HAPPENED!

:kick:

Wiggle room?

Read this over and over again until you can understand it.

The system, as implemented in policy, procedure, and technology, is at high risk of compromise. Application of the listed mitigations will reduce the risk to the system.

The study lists some potential security issues in the software and in the state's election procedures. It follows immediately with a statement that applying the recommended fixes will reduce the risk. The governor of Maryland states that Diebold applied the fixes they requested and that they would update their election procedures as recommended.

I'm not making this up, honest. Spin it however you like, Pat, but much as you'd like to, you just can't change what's actually there. :evilgrin:

“This month, a third party analyst submitted to me a positive independent review indicating that the Diebold machine and source code, if operated properly, can contribute to one the safest, most secure election systems available. Because of this report, Maryland voters will have one of the safest election environments in the nation.” -- MD Governor Robert L. Ehrlich, Jr.


JC

Come on folks, I think we need to educate the public on just who SAIC, the "independent reviewers" are. While we're at it we need to start a FOIA campaign to get a copy of the full report, not just the 20% that was released! They're OUR elections and that's OUR report!

"a positive independent review" of a flawed system that was used in the last 2 elections! Feck off! I won't stop until every voter in America knows about this! :)

Our tax dollars paid for that study and we deserve to know what's in it! :evilgrin:

:kick:

You better get the code ready to support that printer! :P

Good point Pat. Here is what the SAIC said it would do:
"The SAIC review will include a test bed using the relevant hardware and software configurations employed by Diebold. The test will be built as dictated by the Maryland State Board of Elections using regulations, standards and procedures developed for polling places.

SAIC will review guidelines and procedural documentation from the state board and the local boards of election that used the Diebold system in the 2002 election. It also will conduct interviews with election directors, local information technology offices and election judges. "
http://www.washingtontechnology.com/news/1_1/industry/21399-1.html<\url>

Where are the goddamn interviews ? Who was interviewed and what was said ? We goddamn paid for the SAIC employees to go around and get a few drinks with these people!!!! I wanna see what came out of it. -CV

...you lose the right to total my taxes.

Indeed.

You know, it struck me - Diebold also makes ATMs. I'm going to have to find out who contracts with them - I'd hate to have all my money wiped out by Diebold's infamous "security".

...and the fact that they run well and are based on a database, shows that what we have here is NOT incompetence.

(For example, they failed to use referential integrity, which takes less than a minute to switch on a prevents records from being "inadvertently" lost.)

It is fraud.

"...and the fact that they run well and are based on a database, shows that what we have here is NOT incompetence.

(For example, they failed to use referential integrity, which takes less than a minute to switch on a prevents records from being "inadvertently" lost.)

It is fraud."

I tend to think so too... But are the various divisions even talking to each other ? I mean, they acquired GES, right ? Perhaps GES was screwed up but the rest of Diebold is doing OK... -CV

Because of this report, Maryland voters will have one of the safest election environments in the nation.?

You mean, like, no voters will be killed or wounded? I was hoping for a little more, obviously.

"You mean, like, no voters will be killed or wounded? I was hoping for a little more, obviously."

No, he means that they won't have to kill any activists who get in the way (since they got the go ahead anyway)... -CV

many nights of sleep were lost after limited manual recounts in Florida.

“This month, a third party analyst submitted to me a positive independent review indicating that the Diebold machine and source code, if operated properly, can contribute to one the safest, most secure election systems available. Because of this report, Maryland voters will have one of the safest election environments in the nation.” -- MD Governor Robert L. Ehrlich, Jr.

If this is only one of the safest, most secure, election systems available, what is THE safest, most secure available? Why aren't they using that? Is Erlich saying that the safest, most secure election system available is not worth getting for Maryland? How do you feel about that, Tinny?

I have friend at SAIC (diffferent division) who, himself was expecting a whitewash, or as he put it (paraphrasing) "I expect they'll find whatever the contractor wants them to."

If a SAIC's employees were expecting a rubber stamp, how can Bev be faulted for thinking the same?

....only 20% was released. Hmmmm. :evilgrin:
What's that smell.....:(

Message removed by moderator. Click here to review the message board rules.

"Maryland officials are studying the 200-page report from SAIC. A spokesman for Mr Ehrlich said the state might announce its decision on whether to continue with the Diebold contract as soon as today. Tom Swidarski, president of Diebold Election Systems, said criticism of the product was "misguided", and that the company supported the SAIC review. He also complained that the code on the Diebold site was copyrighted and had been stolen."

http://www.verifiedvoting.org/article_text.asp?articleid=128<\url>

Also:

"Shareese DeLeaver of the governor's office said the 200-page report has been shown to Diebold officials and is now being reviewed by the state's Department of Budget and Management and the State Board of Elections. The report was commissioned by the governor after researchers at Johns Hopkins University and Rice University discovered serious security flaws (PDF) in code for the AccuVote-TS voting terminals."
http://www.wired.com/news/technology/0,1282,60486,00.html<\url>

-CV

http://www.wired.com/news/technology/0,1282,60486,00.html

I don't get it: on Sept 18:
"Some of those recommendations are security changes Diebold must make before the state will adopt the company's systems, according to Pettit.

"Before going forward with the system, all of these recommendations have to be implemented," he said.

He noted that SAIC, which is now fully familiar with the software and the process of using the systems, will likely re-review the software for the state once changes have been made. Pettit said it is possible that such changes could be made by the March 2004 primary election."

But now the Governor is saying that these changes have already been made ?? Am I missing something ? -CV

By my count, the main report document contains 40 pages and the separate Appendix B contains an additional 29 pages. That's 69 pages, which is actually closer to 35% of the alleged 200.

That smell you mentioned might be coming from your math.

JC

This company has gone how many days without a significant glitch or SNAFU? If nuclear plants had the sort of accident record Diebold has, we would all glow in the dark.

We're reading the memos Mr. TinFoil. Diebold has "no" record of voting machines operating properly. At least not in the files I have read.

<cough cough> smokey in here, huh???

if the ignorant bushite base give this a pass...

you'd think that conservative/republican patriots would respect the vote

(you'd think they'd notice that BushCo is neither conservative or republican too)

give us their opinions on this report and how we can exploit it? I am "geek challenged" so not sure if we can use this to our advantage. Going to go download the thing and see if I can even understand it.


:bounce:

4.2. AccuVote-TS System and Interfaces

The Diebold AccuVote-TS voting system consists of two components, the GEMS voting server and the DRE (Direct Record Entry) or voting terminal.

The voting terminal is an embedded device running Microsoft Windows {Redacted} as its operating system. The currently used version of the AccuVote-TS software is {Redacted} written in the C++ language. The components of the system include: a touch screen, used by voters for entering votes; an active memory component which stores the operating system, ballot information and a temporary record of the votes; a PCMCIA flash memory card which also stores the votes cast (this card is contained in a locked compartment on the DRE device, but is removed for vote tallying); And an internal ribbon printer. The system also has an optional audio component, which can be activated to support the visually impaired. Each of the systems is able to support a modem.

{Redacted} The GEMS voting server contains the GEMS software, which is used to communicate with the voting terminals for loading ballots and transferring the voting results. The currently used version of the GEMS software is also written in C++. The components of the system include the server, a keyboard, mouse and monitor. The server can be connected to a modem bank to receive voting information from the precincts. Each LBE has two GEMS voting servers, a primary and a back-up. The LBE voting server and terminal are connected to a non-public network during the ballot loading process. The only other instance when the LBE GEMS voting server and terminal are connected is during the results collection or canvassing stage. {Redacted} All other times, the voting terminal operates in a stand-alone mode.

-----

They feel the need to redact that the OS is Windows CE?? That's interesting, isn't it? And why redact the version of the software?? Very curious indeed.

Eloriel

The voting terminal is an embedded device running Microsoft Windows {Redacted} as its operating system.

M$ CE, maybe? I recall there being an issue with the use of that OS.

The currently used version of the AccuVote-TS software is {Redacted} written in the C++ language.

As Bev notes below, they've redacted THE GEMS VERSION USED. That strikes me as unnecessary - unless, of course, the version used is uncertified and/or a hacked version.

Page 17: "The currently used version of the AccuVote TS software is REDACTED

We are not allowed to know what version is used? Um, isn't it supposed to be the CERTIFIED version and isn't that supposed to be public record?

Oops, sorry, didn't see that Eloriel had flagged the same thing -- and the obvious fact that they use Windows CE in the touch screens. I'll tell you why they redacted it. Windows CE is not "off the shelf" and therefore, according to FEC regs, should be certified. But (as supported by a Tab Iredale memo, Jan 2002) they don't want certifiers to look at Win CE.

And as for redacting the version used, all I can say is WTF???

Pardon me, if I shout for a moment.

CHRIST TEETER-TOTTERS IN THE PARK! HOW IN THE NAME OF GRACE HOPPER DID THIS EXCRESCENCE GET PASSED BY THE ITA AS "CERTIFIED"? EVEN IF THEY CERTIFIED X.X.1 AND THIS IS X.X.2, YOU CAN'T HIDE SECURITY HOLES THIS BIG!

DOES ANYONE AT THE ITA HAVE EVEN THE MINIMAL INTELLIGENCE GOD GAVE A MENTALLY RETARDED PLANT?

Thanks you. I feel better now.

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
http://www.plan9.org

to "say it all," as of course, a dissertation in triplicate would be required to "say it all." :evilgrin:

Surely you of all people know by now that Certification is little better than a joke. Literally. One of these days I'm going to have to look at those FEC "guidelines" (they're voluntary, not mandatory) which certification is supposed to ensure the software and machines meet. THAT should be interesting.

In any case, *I* was supremely impressed by that one memo that showed that Jennifer at Metamor (or whatever it was before it was Ciber) actually found a little wrinkle to ask Diebold about. Really, I was. I had this vision of she and ole Shawn baby with the biceps tossing bon bons to one another while the dough piled up for their "certification" efforts. To find out that someone actually looked at SOMEthing about the software was a real surprise.

Eloriel

guidelines -- they are part of the memo stash, but not part of the html stuff. Oops, I mean, here they aren't but shoot me a PM if you need them.

The big secret is they actually have been certifying everything to 1990 standards (??!?!?!) but in the stash were FEC standards for 1990 and 2002. The 1990 set is hard to come by.

Message removed by moderator. Click here to review the message board rules.

IT LOOKS LIKE I CAN CUT AND PASTE AND CHANGE WITOUTH ANY PROBLEMS WITH ADOBE ACROBAT 5.0... I DON'T THINK THE DOC HAS ANY PROTECTION AT ALL...
-CV

Message removed by moderator. Click here to review the message board rules.

The report reccommends...

"Remove the SBE GEMS server immediately from any network connections. Rebuild the server from trusted media to assure and validate that the system has not been compromised. Remove all extraneous software not required for AccuVote-TS operation. Move the server to a secure location."

For the benefit of Fredda Weinberg, Cocoa, TFHP and any lurkers I will explain what this paragraph means.

1. Remove the SBE GEMS server immediately from any network connections

DIEBOLD SAID IT WASN'T CONNECTED REPEATEDLY - MOST RECENTLY ON NEWSHOUR WITH JIM LEHRER

2. Rebuild the server from trusted media to assure and validate that the system has not been compromised.

MEANING PRESUMABLY 1) THAT THEY CANNOT BE CONFIDENT THAT IT HAS NOT BEEN COMPROMISED and 2) THAT THERE IS NOTHING IN THE WAY THE SYSTEM WORKS TO SHOW WHEN IT HAS BEEN COMPROMISED

3. Remove all extraneous software not required for AccuVote-TS operation.

MEANING.. REMOVE MICROSOFT ACCESS AS PER THE BBV INQUIRY WORK DONE BY BEV.

4. Move the server to a secure location.

WHICH BEGS THE QUESTION WHERE IS IT NOW? AN UNSECURE LOCATION? BUT MORE IMPORTANTLY... MEANING THEY CONCEDE THAT THE ONLY WAY TO SECURE THIS SYSTEM IS TO LOCK THE DOOR ON IT.

******

.... and Diebold says they have been cleared.

As I understand it Ehrlich said that after this report Maryland would then assess whether or not it would keep the system. That question is not addressed in this report at all... SAIC seems to assume that the Diebold system will be purchased regardless.

I want to know if the system as assessed meets the RFP? Does it meet the standards claimed by its makers? And does it meet the legal requirements?

We have whitewash merchants out here in NZ too.. but they are a little more professional than this.

Pathetic. Truly pathetic.

Let's talk about "vindication".

Actually, the full section from which you pulled your quote says this:

2.2.2. SBE GEMS server is connected to the SBE intranet

The current security controls employed for the AccuVote-TS voting system require that the system not be connected to any network. The Direct Recording Equipment (DRE) voting terminals themselves are not connected to any network. However, the SBE Global Election Management System (GEMS) server is connected to the SBE intranet, which has access to the Internet. In addition, the server contains some Microsoft Office products not required for the operation of the AccuVote-TS voting system.

We recommend including testing for time-triggered exploits (e.g., Trojans) as a part of the L&A testing. If L&A testing proves to be an inappropriate venue for this testing, we recommend the SBE choose another venue, or introduce into the testing protocol an additional battery of tests including these procedures. We recommend that the SBE GEMS server be immediately removed from any network connections. The server should be rebuilt from trusted media to assure and validate that the system has not been compromised.

Bev has repeatedly, uncategorically, stated that the GEMS computer is "connected to the Internet" and that (either by inference or by direct statement by her) anyone can simply walk right in (metaphorically) and gain access to it through that public network. Moreover, she has repeatedly and vociferously called Diebold and various state officials "liars" for claiming that the GEMS computer was not connected to the Internet. Interestingly this report states clearly and categorically that the GEMS computer is assuredly not connected to the Internet... only to an internal intranet. I hope that Bev will be issuing the appropriate retractions and apologies forthwith.

SAIC recommended that the GEMS computer not be connected even to the private intranet. That recommendation seems reasonable enough... after all, why bother connecting it to anything? The issue however is procedural, however, not a flaw inherent in the software itself.


As for "rebuilding the server from trusted media", the recommendation seems like a reasonable enough security precaution. Break out the CDs. Once again, it doesn't at all suggest there's a flaw inherent in the software.


As for removing all extraneous software from the server, that recommendation seems reasonable as well. Why have software there if it's not used? The state said they would undertake the recommendations in the report... one would think you'd be thrilled about this.

JC


edited to remove rampant accidental bolding of text

what you will find are election results uploaded off of GEMS onto the Internet.

The user manuals confirm it.
The memos confirm it.

Yes, Diebold lies repeatedly. I noticed that among the documents used by SAIC to form their opinions was the Brit Williams April 23 letter

You know, the set of lies so ridiculous they keep getting reprinted to show what liars these people are. And by the way, in it he says the machines aren't connected to ANYTHING.

"...one would think you'd be thrilled about this."

Well, if I could believe that the problems were honest and occasional mistakes in an otherwise professional organization, I would be more inclined to be thrilled. Given that their game relied on bending the rules and covering up any problems whatsoever, it is not clear what's there to be thrilled about. A likely scenario is that they did not do any of the above and just bribed the appropriate SAIC people. Given what's in the memos, such a strategy would not be entirely suprising. The only outcome I would be thrilled with would be decertification. Period.
-CV

1. The intranet is connected to the internet. Ipso facto the computer is connected to the Internet. The fact the GEMS computer was on an intranet means that it could be hacked by anyone on that intranet. I would be interested to know how big that Intranet is. And also whether this is standard practice in other jurisdictions. Plus the GEMS computer is plugged into a modem bank... and how are they going to secure that.

2. The reference you guote to. "In addition, the server contains some Microsoft Office products not required for the operation of the AccuVote-TS voting system." CAN YOU CONCEDE THAT THIS IS ALMOST CERTAINLY A REFERENCE TO MSOFT ACCESS TFHP?

3. Fat lot of good rebuilding the server from trusted sources will do if the trusted sources are full of bits of codes marked by the chief programmer with the note "God knows what this bit does".

FINALLY: you say.. "The state said they would undertake the recommendations in the report... one would think you'd be thrilled about this."

The recommendations are basically just another layer of makeup on the rotting corpse that we know as Diebold Election Systems. They solve nothing, resolve nothing, they are in short a complete waste of money.

What surprises me is that it is more than apparent from this report that even SAIC accepts that the system is not up to scratch. Why then is Diebold not getting the bum's rush.

I just got done gagging over the Washington Post article, which glosses along -- excuse me but why is anyone going ahead with something that had over 300 security flaws identified, what was it, 26 of them "critical?" And who is putting Shawn Southworth, the certifier, in the stockade right now?

And what about Georgia, who ran elections with the 26 "critical" security flaws and the other 300 mild to moderate security flaws?

And why the hell isn't someone screeching -- well I am -- about redacting the version number, for pete's sake, which is public record and is supposed to be on the NASED list of certified versions? How did THIS suddenly become top secret???

This is nauseating. This is a skillfully done whitewash. They put enough criticism -- damning criticism by the way -- that somehow the public is thinking it must be honest. But this thing raises more questions than ever, and the fact that they haven't pulled the plug on this company just shows we've got a corrupt system.

Gah.

Bev

...is how anyone could go along with the cover-up.

The reporters, election officials, and employees of unsecure voting-machine companies all have something to lose: their own right to vote.

Every time one of the Diebolders jokes about "getting around" security, every time a "journalist" whitewashes a story on this, every time an election official simply buys Diebold's story, they dig their own grave a bit deeper.

You'd think that people would care about the fact that their actions will hurt themselves in the future, when their votes truly no longer count. How can anyone decide to remain silent when their own rights are in danger and they KNOW about it?

it's not even about the GEMS software. It's about the touchscreen software. They left a WHOLE bunch out. Maybe someone who read it with a bit more care than I did at first can confirm that. Remember, the thinking was that they physically COULDN'T review those hundreds of thousands of lines of code within 4 weeks. Plus, it took some time to write the report. Of course, the report could've been written somewhat simultaneously if they had enough staff.

They basically did a rehash of what the Rubin team did, in about as much time, at least in the report version we have.

There's your even bigger whitewash.

Yeah, I just did a quick visual scan. Pages 8, 9, 17 are the only places in the redacted version where GEMS is even mentioned, and it's NOT to critique that software in any way.

Eloriel

You'll get an apology when we get the other 160 pages of the report WE paid for! :evilgrin:(That is if they vindicate you) :)

You claim: "Bev has repeatedly, uncategorically, stated that the GEMS computer is "connected to the Internet" and that (either by inference or by direct statement by her) anyone can simply walk right in (metaphorically) and gain access to it through that public network."

I don't think Bev claimed (or needed to claim) that ANYONE can simply walk right in and gain access to it.

The implication was just that someone (such as "sophia" at Diebold HQ) could dial in from their laptop and muck around.

Several Diebold memos have admitted this.

So please don't exaggerate. Please don't put words into people's mouths. Please don't set up straw horses to easily knock down.

I wonder what was in em...

What does this mean precisely ? How is the accuracy test performed ??? -CV

CERTIFICATION # 4 (Inspector) ACCUVOTE TS PRE-ELECTION LOGIC AND ACCURACY TESTING

.....that said that the 200 page report had been delivered to Maryland?
Where are the other 160 pages and what was in them? :shrug:

This was a publicly funded study. FOIA request anyone? :evilgrin:

And of this, many pages are redacted.

Can you say Rose Mary Woods?

Could it be that sections 5, B, and C account for 160 pages ??? -CV

And I am sure they did not make it up..

Purpose and function of the AccuVote-TS voting system:
•Generate electronic ballots;
•Permit voters to view and cast their votes electronically;
•Record, store, and report vote totals; and
•Provide accurate electronic audit trails to ensure integrity of the AccuVote-TS voting
system.
{Redacted}

(edit - the square brackets in the original form hid the word "redacted" by sending it off to the html parser)

(from section 4.1, .adf page number 23)

Btw, Adobe Acrobat reader allows you to copy text to the clipboard if you first hit the "T" button, fifth from the left in this version. The usual method of simply highlighting and copying will not work unless this button is used. The "find" menu item under "edit" is also handy.

Trust us. If we made this information public, evil hackers could elect anyone they wished. So we'll keep everything secret and you can be sure your votes are counted fairly. Remember, it's certified (just don't ask who is doing the certification, that's secret too.)

Seriously, when some of us started to ask questions re the new touch screen voting machines, the first thing we encountered was a brick wall of secrecy. No information about how the machines worked, no information about the procedures used, nothing. And no one told us a damn thing when we asked. With the discovery of the Diebold FTP site, we got a glimpse of ONE company's software - but that is only one piece of a three piece puzzle:

Software + Hardware + Procedures = A Voting System.

So what does this report say? Well, you may know the software, but you don't know the Hardware and the Procedures, so you can't come to valid conclusions - nayh, nayh, nayh. Sorry, but that begs the question:

If this is a Democracy, why hide how the damn votes are counted.

"Trust us. If we made this information public, evil hackers could elect anyone they wished. So we'll keep everything secret and you can be sure your votes are counted fairly. Remember, it's certified (just don't ask who is doing the certification, that's secret too.)

Seriously, when some of us started to ask questions re the new touch screen voting machines, the first thing we encountered was a brick wall of secrecy. No information about how the machines worked, no information about the procedures used, nothing. And no one told us a damn thing when we asked. With the discovery of the Diebold FTP site, we got a glimpse of ONE company's software - but that is only one piece of a three piece puzzle:

Software + Hardware + Procedures = A Voting System.

So what does this report say? Well, you may know the software, but you don't know the Hardware and the Procedures, so you can't come to valid conclusions - nayh, nayh, nayh. Sorry, but that begs the question:

If this is a Democracy, why hide how the damn votes are counted."


MAN!!! I'M REREADING THE BOOK VOTESCAM: THE STEALING OF AMERICA.
They went through exactly this same shit at that time!!! -CV

is the complete absence of footnotes and sources.


For those of you just tuning in, the current score is:

Insufficiently intelligent Diebold shills - 0
Comic Book Publishers -1

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
http://www.plan9.org

It's a good read, but it is not clear how much of it is made up... -CV

Why on earth would you redact a function of a voting system?

My guess: some version of

* Steal votes on demand

:evilgrin:

Eloriel

It is unclear if the redacted bit following the listing of the four functions was yet another (secret) one or new paragraphs about something else. Probably (maybe) the latter, but redacting anything in a section labeled "Functional Description of the AccuVote-TS" is strong proof that there is something about how the thing works they want to keep secret from the voting public.

I've been on the fringe of this for a while, mostly just looking. But the bottom line here is obvious even to me.

-The system has been and is at HIGH RISK of security breech.
-The government may or may not implement the recommendations to plug these holes.
-Some of the identified holes we don't get to see, so we don't know if the state will even attempt to plug them.
- The report says to unplug the server from any network, but then says to encrypt data transmission over a network? WTF?

Every single step in the path toward secure voting is indicated as being flawed. Passwords, physical security, network connections, auditing, certification. And the governor accepted the system anyway?

An independent review released yesterday found 328 security weaknesses, 26 of them critical, in the computerized voting system Maryland has just purchased, flaws that could leave elections open to tampering or allow software glitches to go undetected.

State officials said they still intend to honor their $55.6 million contract with Diebold Elections Systems Inc. and are moving quickly to correct the problems before all counties begin using the machines in the March presidential primary.

"Because of this report, Maryland voters will have one of the safest election environments in the nation," said Gov. Robert L. Ehrlich Jr. (R), who last month ordered the review by computer security experts Science Application International Corp.

The heavily redacted review was intended to put to rest an explosive report by Johns Hopkins University computer scientist Aviel Rubin and his colleagues, who in July questioned the security of the AccuVote touch screen voting machines.

http://www.washingtonpost.com/wp-dyn/articles/A60825-2003Sep24.html

And maybe, just maybe, people will ask:

If this is a Democracy, why hide how the damn votes are counted.

repeating Diebold's press release stating that Maryland is going ahead with the voting machine contract.

while confirming shortcomings in Rubin's original report, they come firmly down on our side:

Indeed, the security review acknowledged as much, saying the report looked not only at the software, but the entire human management and operation system. Still, Science Application International Corp. said it agreed with much of Rubin's technical analysis. And their conclusions were damning.

"The system, as implemented in policy, procedure, and technology, is at high risk of compromise," the company wrote in its executive summary. The action plan, they wrote, would reduce the risk to the system.


For those of you just tuning in, the current score is:

Insufficiently intelligent Diebold shills - 0
Comic Book Publishers -1

David Allen
Plan Nine Publishing
http://www.plan9.org

Further, as a result of the review, Diebold has rewritten its software to include better encryption coding and harder-to-crack passwords. The encryption and password upgrades will be made only for the machines destined for Maryland, Radke said, and would not be available for the 33,000 touch-screen machines already in use elsewhere.

Screw them, they didn't pay for a report.



For those of you just tuning in, the current score is:

Insufficiently intelligent Diebold shills - 0
Comic Book Publishers -1

David Allen
Publisher, CEO, Janitor
Plan Nine Publishing
http://www.plan9.org

Georgia has to keep the same flawed shit? Alameda County?

Ohhhhhh California recall here we come. Can you say LAWSUIT????

Puleeze give the the redact list, the hmmm? list and the what the hell happened here list, and then I'll hit California with the "but you guys still have to live with this shit" list and they can run the flawed Diebold stuff in their 14 counties (and by the way, the SAIC thought the optical scans were not part of the examination, nor was the ballot preparation or the interface with voter registration)

uhhhh. When did we all join THIS circus???

Extremely odd thing to say.

I can only presume that anyone else wanting to have an actual secure system will have to pay through the nose for it.

And it strikes me that if there are huge security holes in Maryland's brand new system - then what about all the counties in California using GEMS. Don't they need to take these steps immediately too.. i.e. disconnecting their Gems computers, removing MSoft Access from the boxes etc. etc.

I am not sure what others think but I actually think this is quite a good article. It leads with the problems not with the whitewash... sure it lets em off a bit.. but a journalist is not a prosecutor. Reading this story it would be hard not to conclude that it begs more questions than it answers. Especially the peculiar line that you have identified David.

In fact I reckon the author put that in for precisely that purpose.

al

... in the documents I've read, no one at Diebold seemed inclined to do much more than minimal fixes in short time periods--the rest was, well, when we get to it. This report has been in the hands of Maryland officials for what, two or three weeks, and Diebold has already rewritten the software to improve both encryption and password protocol? And have addressed, what, two dozen other "critical" areas of the software, all in a couple of weeks? These are the "throw a patch at it" experts.

Additionally, the certifiers seemed to be on schedules that required weeks to months just to review minor changes. Then the NASED board has to meet to review the certifications.

Whatcha wanna bet that this all didn't happen in two or three weeks? And that SAIC was feeding information to Diebold (and VoteHere) right from the start, so that Diebold could get a head start on it. In fact, despite their protestations and refutations of the JH report, they were working on changes to the software based on that report.

But, regardless, any press blast ought to include the bit about everyone else not getting these security "upgrades." That should make them lots of friends around the country.

Cheers.

Make it funny and disgusting, as you have already, and point out what's wrong here!

Let's get started: A list of everything redacted that's absurd

- Redacted the version number, which is supposed to be listed by NASED
- Redacted the purpose of a vote-counting system
- Redacted the word before GEMS in the section about GEMS

(I think I may know, by the way: "High Speed Central Count" -- this is the new fancy system they've got, according to internal documents; they examined the new TSx and the new GEMS "high speed central count") -- SAIC looked at something that is not even certified yet and has never once been used. And even that brand new system had 26 critical flaws and over 300 other problems and guess what? The memos indicate they don't even use the same stuff the certifiers look at.

Redacted....list 'em all and why the hell can't we know what's certified and compare it with what they examined?

After the redaction list, how about the "hmmm" list: Like, hmmm, do they fix all these critical security flaws in the other installations, like all over Georgia, Alameda County, etc.

Hmmm, do we get to audit the election results run with 26 critical security flaws?

hmmmm, what about optical scan systems which they didn't examine?

need a hmmm list.

And then we need a "what the hell happened here?" list:

what the hell happened here? Ciber certified this stuff!
What the hell happened here? Wyle certified it too!
What the hell happened here? NASED certified it too!
What the hell happened here? Brit Williams certified it too!
What the hell happened here? They were using versions that weren't even certified.
What the hell happened here?....

I'll spread it if you'll prepare it. And maybe we can match this bullshit up to the memos and ask if that's why they needed to "redact" Blackboxvoting.org's web site.

Bev

BEV..

A great plan as ever. But this should really be posted as a new BBV Research Thread...

BBV Research Thread: Disecting the SAIC Whitewash Help Needed Now

...or something similar... this post is far too down this thread for the crew to receive their instructions and act on em as we have come to expect...

al

the headline is good Report Raises Electronic Vote Security Issues but the story is not as good as WaPo's. It does have a killer closing paragraph though.

"For two years, Baltimore County has warned, `Iceberg ahead!' and now independent experts have warned that it's a gigantic iceberg," Mr. Smith said. "Maryland should not say, `Damn the iceberg, full speed ahead.' "

http://www.nytimes.com/2003/09/25/technology/25VOTE.html?ex=1065067200&en=aa7d5fdea73eb5f6&ei=5062&partner=GOOGLE

{Kind of starts to veer off-topic, as my posts on BBV usually do - I just don't know where to jump in and where to stop on BBV, it's so vast...}

In mathematics and computer programming, you don't "mitigate" or "reduce the risk" of errors.

You "eliminate" them and "prove" that they cannot occur.

There is a big difference between mathematics and computer programming and other fields of human endeavor in the humanities or even the sciences. In medicine or economics or government or cooking for example, sometimes the most you can indeed do is "mitigate" and "reduce the risk" of errors.

As we remember from doing proofs in geometry, or punching the keys on a calculator, the state of the art is quite different in mathematics and computer science. You don't "reduce the risk" of getting the wrong answer to an addition problem - you simply use the right algorithm.

We all know this, but we forget. When you punch something into a calculator, you aren't 99.999% sure the answer's right. Yeah, maybe you hit a wrong key - but if you hit the write keys, you get the right answers. 100% of the time. No doctor or central banker or politician or chef has the luxury of 100% control over their projects and plans - but the intuitive meanings of "virtual" and "digital" make us expect repeated executions of addition and multiplication - on paper or on a computer - to "work" every time - once the algorithm has been worked out and verified. (And then you can always "cast out nines" if you want to double-check.)

This higher standard is of course not very evident in a world up until now dominated by bug-ridden, "black box", proprietary software. Microsoft is releasing patches every week trying to keep up with the hackers exploiting all the "unforeseen" holes in their systems. "Mitigating" and "reducing risk" is what they do - but they aren't the state of the art.

I assure you, when the Department of Defense goes procuring software development, there are written policies in place prohibiting contracting with vendors using non-open-source languages lacking formal specification and verification tools - such as Microsoft.

Yes, that's right - mission-critical software systems procured by the US government are mathematically VERIFIED for correctness using an entirely different suite of languages and tools that what the commercial sector uses. DARPA - aside from all of convicted-felon Poindexter's shenanigans involving "Total Information Awareness" and the "Terror Futures Market" - DARPA has made great progress over the last few decades nurturing the development of these languages and tools. Just like it developed the Internet to take a licking but keep on ticking (using packet-switching, or replication of outgoing messages along redundant paths to the recipient), DARPA has funded computer languages which are in an entirely different cosmos from the buggy, hack able software products of commercial vendors.

These certifiers can blather on till the cows come home, but getting voting-system software that works every time isn't yet a managerial matter of making sure everyone talks to each other. We don't even have an algorithm yet, and they've got us debating over whether it's gonna be a touch-screen or an optical scanner. We haven't even made them recognize our RIGHT - under the Freedom of Information Act, really, unless addition is classified as a "munition" we're not allowed to view or export - our RIGHT to publicly craft and confirm the formulas and protocols which total our votes, like we publicly craft and confirm the formulas which total our taxes. It's the Cheney Energy Task Force all over again - we're not allowed to know who wanted to invade Iraq back in 2000, and we're not allowed to know how "they" total "our" votes. The slogan should be something like: If you can't tally my vote, then you can't levy my tax.

And we could also a page from the Republicans' handbook, on the most concrete (because most "virtual") issue ever handed to us: ask for MORE. When they throw these ridiculous hand-wringing reports at us, about how they're going to really get on the ball and pay LOTS of attention to the software-writing and -certifying process, we could demand that we focus on REAL issues, like

(1) the software that SAIC going through so many hoops to write and certify doesn't attempt to conform to the specification of what real voting-software should do - an executable specification hasn't even been drafted or signed-off on;

(2) Why isn't there just a single "Manhattan" project to write up the vote-casting and -tallying software once and for all?

I know, I know, one step at the time - it does feel valid, or at least invigorating, to expose that Diebold doesn't know how to program databases or to debate whether SAIC really is trying to fix the broken process. It does move the debate ahead on a particular path.

Research & development in a partisan, corporate, non-academic environment
It's hard to deal with a technical issue like voting software on so many fronts, where so many parties such as Diebold or SAIC are clearly or not-so-clearly malicious. I do hope that someday what will come of it is the only thing that would really work: either (a) a public voting-system specification effort which succeeds in formulating, in a few pages, an executable specification which can be MATHEMATICALLY proven to total votes in compliance with the letter and spirit of our laws - the same way the we are able to produce a form which MATHEMATICALLY totals our taxes, or (b) go back to throwing stones in diffent urns.

Yes there is more than just addition involved here - there are the aspects of privacy or secrecy and no ballot stuffing. Totalling or subtotalling is obviously a requirement of the system. But the current topology (involving transmission over a modem is NOT a requirement.

I'm a programmer, with a career in Access and an interest in social software and studies in formal specification and implementation of MATHEMATICALLY VERIFIABLE software systems. I've read up on a lot of the voting systems out there, and I'm not even convinced ANY of them works. In other words, I'm not sure a specification has been written yet which implements secure private vote-casting and -tallying - it's a deceptively simple yet kind of big topic (mostly because of the secrecy, no-ballot-box-stuffing, and no-vote-buying requirements, from what I've gathered so far).

Sometimes I think we should take a page from DARPA - if we're going to be stuck with doing this thing via software instead of via physical tokens. How did they make the Internet indestructible? How do we guarantee that Diebold's "copyrighted" memos won't disappear from the face of the earth? How do accountants make sure nobody's cooking the books?

Replication
One word: replication. As I mentioned above, messages traveling between computers in the Internet get replicated and travel along multiple paths to their destination, where they are re-assembled. The Internet was designed this way to withstand war - somebody could take down a whole chunk of the Internet, and messages would keep chugging through whatever alternate pipes they could find. Neural networks (artificial ones, as well as natural ones like the brain) work this way too - nobody knows where the "program" resides, and you can knock out a chunk of the system and it keeps on running.

Social scientists are onto something when they favor local rather than global systems. Wolfram wrote that big book recently about a bunch of little rules being capable of generating all the complexity of the universe. In mathematics and living systems, decentralized, distributed systems (including replication and redundancy) have the best success.

We replicate stuff we don't want to lose - and we use double-entry bookkeeping, backed up by independent auditors, to make sure nobody's cooking the books. Multiple pairs of {partisan} eyeballs at every step of the way.

In a way, we're on the right track: Intuitively, many have learned that the battle cry is "paper trail"! A second copy. Even better - a physical one - because electrons and bits are invisible. Anyone can see that few things in this world survives very long intact if there's only one existent copy of it.

Fortunately, in the "digital" or "virtual" world, replication is the operation par excellence.

High-level system specification versus "touch screens"
Many classical, well-understood, fully-solved computer problems (such as the "dining philosopher" problem, or the "semaphore" problem) involve ideas about different parties competing with or keeping tabs on each other. The way these problems were solved initially was "heuristically" or via a "Gedankenexperiment": people just talked or wrote in English or whatever natural language or engaged in lots of "hand-waving" talking about this resource passing a message or a token to that resource and having such and such effect. Eventually, these descriptions were re-written in specification languages and finally implementation languages.

The crucial thing here was getting the "algorithm" right. You don't talk about whether you need passwords or whether you want to use a touch-screen or an optical reader or a punchcard at this early stage of the game - those choices are irrelevant during the overall "architectural" stage.

DU has come up with probably the most relevant "architectural" requirement: replication of the voter's original choice. The suggested number of replicas was just 1 in this case - but you remember in math that things do get more interesting when you go from 1 to N. Sometimes I have a hunch that the solution to this problem would be massive redundancy as in (a) holograms (where at any point in the hologram there's a full image) or (b) living organisms, where each cell contains a complete set of chromosome's codifying that individual's genome or (c) the Internet, where something exists on one machine and then suddenly it's all over the world - whether it be a Diebold memo or a Britney Spears song.

Imagine if every time someone popped a vote into a machine, ALL machines on some kind of net registered the vote at the speed of light - and then an additional layer of communication did an instant audit (some sort of "casting out nines" double-checking thing), making sure that all machines still match, and that the vote tally gradually went up one by one nationwide as each vote was cast. Too complicated you say?

Remember that trillions of dollars in currency are traded every couple of days in the world down to a hundredth of a penny, every ATM in the world knows you took out twenty lousy bucks (plus the buck-fifty service fee) within seconds after you did it, Echelon secretly listens to and filters billions of emails all over the world in real-time, and Sabre and Galileo spit out thousands of unique 6-character "record locators" for airline passengers all day long (and then, if you flew JetBlue or Delta, hands off the whole thing to a Pentagon subcontractor who illegally matches it up to your Social Security Number and credit rating) - and here we are parsing an SAIC memo talking about "mitigating" and "reducing risk" by resetting all the passwords in the manual.

Talk about shuffling the deck chairs on the Titanic!

Take a page from the Republicans' playbook: Ask for more.

Demand:

(1) A "Manhattan" project using an executable specification language such as DARPA's 'Maude' to publicly specify a voting-casting and -tallying system (prefaced by a complete, high-level specification taking up just a few pages) mathematically proven to be in compliance with the letter and spirit of the Constitution, ie that it indeed computes vote totals correctly - the same way tax forms can be inspected by a person understanding arithmetic to confirm that they indeed compute taxes correctly;

(2) A publicly verified implementation of this open-source specification into open-source code running on open-source hardware;

(3) As a kicker, promote the free release and adoption of this code to any country which claims to be a democracy. In fact, the Manhattan project could be a UN project - there's plenty of programmers all of the world who can do this, and plenty of executable specification languages overseas (such as ELAN in Paris).

Yeah, I'm an idealist. But aren't we all - perhaps never moreso nowadays than when the topic is "software". Software is in a way our new religion - the {holy} ghost in the machine - it's the one thing the average person actually believes is perfectible. In the end, it might not be - it might just be the "most perfectible" thing we've found so far, or it might be a load of crap. But if we're going to have to use computers rather than physical media to tally our votes, then play on the public's tender belief in the perfection of the virtual world. Play on people's religion, like the Republicans do. This is not only the most important issue for us to run with - it may also, surprisingly, be the easiest issue for us to run with.

For more amplification and ranting in this idealistic vein, see also:

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=397859

http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=380511

On spellcheck: The spellchecker recommended replacing "Poindexter's" with "Pinfeathers"!

The report itself seems to be cunningly written to appear
neutral and objective while actually having a pro-DRE bias
AND providing nice sounde-bite-size quotes that give a totally
wrong impression.

On the one hand, it is a powerful condemnation of the Diebold
voting machine, GEMS, and Maryland's (and almost everyone else's
security practices).

The study makes quite a few good points, and the measures they
propose will make the system more secure. However, it purposely
avoids the really big issues. They explicitly limit the discussion
to how to minimize the risk with reasonable cost, etc. (there is
a paragraph saying this.) The report starts with the assumption
they are stuck with the machines and makes recommendations for how
to make the best of this bad situation.

There is a separate document, appendix B, that does a point-by-point
analysis of the Johns Hopkins/Rice report. SAIC should be downright
embarrassed about this. Most of the responses I checked were irrelevant or misunderstood the original argument. One particular point is about the need for a voter verifiable audit trail. The response says that voters can verify their votes on the screen (irrelevant) and that printers can have security problems too, unless you do manual recounts (duh!).

Ehrlich's summary of the report ("safest and most secure") has
NOTHING to do with the contents of this report. The most they say
is that they can recommend measures to minimize the risk.

Anybody has a link for Appendix B? Thanx. -CV

Appreciate your point of view.

What is your perspective on refusing to reveal which versions they studied? Odd, don't you think?

Bev

Yes, it's odd.

People are sending me email as they notice problems with
this report. It's a major project to catalog them all.

The report itself seems to be cunningly written to appear
neutral and objective while actually having a pro-DRE bias
AND providing nice sounde-bite-size quotes that give a totally
wrong impression.

On the one hand, it is a powerful condemnation of the Diebold
voting machine, GEMS, and Maryland's (and almost everyone else's
security practices).

The study makes quite a few good points, and the measures they
propose will make the system more secure. However, it purposely
avoids the really big issues.

Exactly. Such as having something to verify against. Such as paper.

It's just hard to figure out at first in an Adobe PDF / Acrobat file.

You have to click on the icon with the little "T" first!

Then you can copy-and-paste to your heart's content!

"Recommendation: Modify procedures for the Logic and Accuracy (L&A) testing to include testing of time-oriented exploits (e.g., Trojans)."

Easter-eggs (as time-oriented exploits are commonly called in the industry) can't be 100% precluded via a so-called "Logic and Accuracy" test.

Observing the BEHAVIOR of a computer program in a finite number of runs yields a guess as to what its SPECIFICATION might be.

For example, consider a program that produces the following output for a (necessarily finite) series of test runs:

INPUT 2
INPUT 3
OUTPUT 5

INPUT 3
INPUT 4
OUTPUT 7

INPUT 12345
INPUT 11111
OUTPUT 23456

INPUT -1
INPUT 100
OUTPUT 99

What does this program do? Or, even more simply, what would the output be for the following run:

INPUT 555
INPUT 444


Well, if you're being asked this question on the math portion of the SAT test (which is known NOT to be malicious) you can safely answer: "It adds the two inputted numbers!" So the answer would be

INPUT 555
INPUT 444
OUTPUT 999

However, the code for this program could be:

(
INPUT X
INPUT Y
( IF ( X = 555 AND Y = 444 )
THEN ( OUTPUT "HOLY SMOKE BATMAN!")
ELSE ( OUTPUT X+Y ) )
)

in which case, this particular run would look like:

INPUT 555
INPUT 444
OUTPUT HOLY SMOKE BATMAN!

Remember in geometry when you had to do a proof? It wasn't enough to show lots and lots of cases where the proof held - you had to "prove" that it holds in ALL cases (and there's usually an infinite number of them).

For all intents and purposes, there is an infinite number of ways a program can be run - an infinite number of inputs that can be fed into it.

You don't test what a program does (particularly a potentially "malicious" one, where the goal is to rule out the possibilities of "Trojan horses" and other spyware as the SAIC report naively claims to do) by running it a bunch of times.

You VERIFY what a program does by reading its source code. "Logic and Accuracy" testing is a meaningless, made-up, official-sounding name which is completely useless to check against Trojans or "malicious code".

Many educated clients demand to see and own the source code of any program they are purchasing. We the people, if we are going to purchase voting-system software, are perfectly within law and custom to demand to see and own the source code of this software.

And SAIC should know this. That's one example of how to tell this report is a whitewash. A high-tech whitewash.

On the Diebold touch screens, the "logic and accuracy" test which does a "pretend election" doesn't actually have votes entered like, you know, a pretend election.

No, they have a special program and what you do is go to that menu and have it run a logic and accuracy test -- no one's chubby little finger pushing touch screens, mind you, but the computer pretending it is testing itself. All this after you put it in "test mode."

So the whole business about the "logic & accuracy test" is bizarre to begin with. Then, you TELL the machine it is being tested.

Of course, they did push the touch screen with their fingers for a logic and accuracy test for some machines in Georgia. According to Rob, of "rob-georgia" fame, who is a very cool guy actually, "you enter, like, one vote..."

Okay so those are the little-known facts about the highly touted but completely stupid "logic and accuracy" test.

"They want us to have a system test on startup. Why don't we just change the message that says memory test to say system test....."

"Recommendation: Change default passwords and passwords printed in documentation immediately."

Remember the GEMS system they're talking about is programmed in Microsoft Access.

Homework assignment: Go to google and type in "hacking MS-Access passwords". See how many websites come up.

This isn't even interesting, critiquing this SAIC report. They're dealing with programming - but they're using mush-mouthed bureaucratic words like "mitigation strategies".

You don't do "mitigation strategies" to do math. If you don't know the algorithm for doing long division or computing the square root of two or performing RSA encryption (or, even worse, if you don't even know that RSA encryption works, and MS-Access passwords don't), all the "mitigation strategies" in the world aren't going to help.

This report is boring. I wonder what kind of fun they're having over on slashdot with it.

And they are enraged over at Slashdot.

I love geeks. They shall save the world.

"Recommendation: Require 100 percent verification of results transmitted to the media through separate count of PCMCIA cards containing the original votes cast."

Translation: DON'T let the VOTER verify by reading a piece of PAPER that their vote was accurately recorded. DON'T let the VOTER cast this paper vote at the polling station to provide a physical backup for auditing and/or recount purposes.

DON'T check to see if the vote recorded on the PCMCIA card AND the vote transmitted through the media were BOTH tampered with. (This is REALLY easy to do.)

Do you see how silly this SAIC recommendation is? You're telling a black-box program, which we're trying to make sure has no malicious code in it, to police itself.

The computer can't check its own work against itself. The VOTER has to physically inspect an indelible ballot and cast it into a ballot-box. That's the only way you have something to check against. Checking a "PCMCIA card" against some other electronic media is meaningless.

One with transmitted results. Another with physically centralised PCMCIA cards?

First time I read this it made almost not sense to me at all.

al

If someone wanted to hack the system, then all they would have to do is hack the voter's selection BEFORE it got written to the PCMCIA card and BEFORE it got transmitted - and hack it the same way.

In other words, if the user votes for "Lieberman" say, then all the malicious code would have to do is record "Bush" to the PCMCIA card and "Bush" to the transmitted results. (Or, more likely, the PCMCIA card produces the transmitted results.)

It doesn't matter what kind of gobbledygook we talk about in the computer internals - that's just a distraction.

Common sense will tell you that the VOTER needs to see a piece in their hand that says "Lieberman" - and then drop this in a box. This is PHYSICALLY separate from the computer, so it is something the computer records can be checked against.

Otherwise, you're just checking stuff on a card in the computer versus stuff on some transmission out of the computer. Any hacker could rig this, and make them still match.

Your criticisms of this report have been extremely helpful for me Scottxyz. Thanks heaps.

You put lots of things a bit in perspective.. and what you say has been very much backed up by the guy on Slashdot who says he is a computer auditor. (see below)

What I found interesting about this particular suggestion from SAIC is that it is so specific and yet so apparently useless. If our reading of this suggestion is correct then after they implemented it there would be two ways left to hack the election results.

1. Hack both GEMS computers (still possible.. and much easier for insiders than for boogie men)
..or...
2. Hack the votes at the TS and precinct level, i.e. before they get put on the PCMCIA cards.

Al

It doesn't seem like a useful suggestion, but that's what they seem to be suggesting.

"Pending: your vote is now the property of Diebold, Inc. Any attempt on your part to ascertain the disposition of your vote is hereby declared to be in violation of federal law, e.g., the Digital Millenium Copyright Act." - corebreech

http://yro.slashdot.org/article.pl?sid=03/09/25/012242&mode=thread&tid=126&tid=172 (scroll way down)

"...with no human-readable audit trail, if you thought the stink over the Florida Presidential results was bad you ain't seen NOTHING yet..." - Ungrounded Lightning (62228)

http://yro.slashdot.org/article.pl?sid=03/09/25/012242&mode=thread&tid=126&tid=172 (scroll way down)

"...That's what the lack of a human-readable audit trail avoids: those pesky 'ballots' that people might want to recheck for accuracy. The Diebold systems might not be any better than hanging chads, but you can be sure they'll seem better because there won't be any way to remeasure the results and get a different number. .." - roystgnr (4015)

http://yro.slashdot.org/article.pl?sid=03/09/25/012242&mode=thread&tid=126&tid=172 (scroll way down)

We are f**ked. If a political system is so broken that it can't keep this from getting through then... well...

We are f**ked.

I really am an IT Auditor for a living and this is exactly the kind of work I do (although I mostly work for Utility Companies like water or electricity) and I know how these reports are created. There is HUGE pressure to "build assurance".

What that means is that you find an risk that is not addressed by a suitible control - and try to find a control - something, anything, that you can call a control to cover that risk. That's all fine and good, but what it means is that the risks that actually make it into the report are the really big, bad, completely unaccounted for ones. Put another way, for every risk that gets in, three didn't that a normal person would have thought should have.

Long and short, I write reports like this for a living and this is way, way, way worse than it looks.

- Inexile2002 (540368)

http://yro.slashdot.org/article.pl?sid=03/09/25/012242&mode=thread&tid=126&tid=172 (scroll way down)

If these things are used in election 2004...

...we're screwed. I mean all kinds of screwed.

Not just "they messed up my vote" screwed, but entire-election-results-legitimately-contested screwed.

The problem is that they're raising the margin of error by an unknowable amount. No matter which party wins in the 2004 Presidential election, the loser will easily be able to argue that the voting system was highly flawed and vulnerable to foul play. It will be a replay of 2000, except worse.

Using a system that's known to be insecure for national elections... it's just a guaranteed disaster. We'll have another election settled in court, and the populace of the U.S. will become even more polarized.

robson (60067)

http://yro.slashdot.org/article.pl?sid=03/09/25/012242&mode=thread&tid=126&tid=172 (scrollw way down)

Machine voting isn't the problem, Diebold is. They've created a horrible, insecure system. It's simple enough to create a more secure system that it's hard not to believe Diebold is deliberately enabling fraud.

A system where votes were printed to a machine-readable piece of paper, verified by the voter, then deposited in a secure box, would be simple and secure. By printing votes you create a self-verifying system -- voters can check their vote is correct, and an audit can easily verify that votes were recorded as voters intended. Management of the printed records would be just like the ballots we already are using, but without the reliability problems of punch-card systems. Tallying could be done mechanically, as a barcode could accompany the printed text.

The whole system is very simple. Even if they just used an ATM style of security (printing to an internal paper log) they would be far superior to Diebold. But using logic is difficult in this case, because Diebold is clearly making absurd claims, and it's difficult to refute absurdity.

EVM 2003 - http://evm2003.sourceforge.net - is trying to create a complete open source voting system (not just machine). I wish them the best of luck. This is more than just philosophy about copyright and IP, it's the defense of democracy from those that want very much to take away even the slight accountability that currently exists. They've already made it into office with one fraudulent election (2000), and very possibly kept control of congress with another (2002, with many states being won with unverifiable votes that didn't match up with predicted results).

- Ian Bicking (980)

http://yro.slashdot.org/article.pl?sid=03/09/25/012242&mode=thread&tid=126&tid=172 (scroll way down)

It's already been done.

http://www.elections.act.gov.au/EVACS.html

Here's Australia's system. The project was run by the government, with a contractor writing the actual open-source code for the system in less than six months for under $150,000. They have printers, audit trails, publicly inspected software and hardware, and the system is thoroughly tested.

The Twilight of Democracy in America

"Here is a thought provoking article at http://www.counterpunch.org/fitrakis09082003.html on the possibility that recent U.S. elections have already been stolen. Its quite interesting that a company called Battelle which has close ties to U.S. intelligence and defense agencies also has ties to Diebold and is a contractor heavily involved in VNS(Voter News Service). VNS is the service all the networks rely on to get the exit poll results they use to predict the outcome of elections. As you recall VNS mysteriously failed in the 2002 elections. If you were going to rig a modern election it would be necessary to either rig or sabotage the exit polls as well. It would be suspicious if the exit polls disagreed with the actual result of a race.

Electronic voting machines, without paper audit trails and control of exit polls would go a long way in letting those in power control close elections. The only check against widespread election rigging is that races where independent polls show a clear winner can't be rigged without danger of exposing the conspiracy. It just happens a lot of races in recent elections are very close, for some reason, and rigging a few has been enough to tip the balance of power in the Senate and presidential races in particular.

Its just conjecture but its quite possible that the Republican administration, with their heads bent by 9/11, are acting in concert with elements in intelligence or defence to keep the Democrats out of power in Congress because the Democrats are perceived as too weak to defend America from its enemies which are now behind every bush. They might well have rationalized to themselves that it was OK to destroy the most fundemental underpinning of freedom in America in order to defend America.

During these tumultuous times its quite possible the Bush administartion and its allies have decided to do whatever it takes to maintain control of the Presidency and Congress, which will eventually lead to control of the judiciary. We could well be witnessing the end of the last pretense of Democracy in America. If the Reuplicans maintain control of the congress and the presidency in 2004, you may as well stop wasting your time voting after that.

It also quite suspicious Democratic senatorial candidates keep dying in plane crashes. Mel Carnahan in 2000 and Paul Goldstone in 2002 whose seat was subsequently won by a Republican tipping in the balance of power in the Senate.

Just look at the string of disturbing visible Republican power plays, the Clinton impeachment, the Florida debacle, redistricting in Texas and Colorado, the California recall and the possibility the California energy crisis was rigged by Enron and its allies in the White house to create turmoil in one of the last remaining Democratic strongholds. You can easily envision the possibility the Republicans are engaged in a no holds barred campaign to seize and hold power."

- demachina (71715)

http://yro.slashdot.org/article.pl?sid=03/09/25/012242&mode=thread&tid=126&tid=172 (scroll way down)

http://www.wired.com/news/business/0,1367,60583,00.html

Reading it now...

"Rubin, who read the redacted version of the report, said, "I'm very happy to see this report, and I think it validates our work. But my concern remains that Maryland, instead of responding with a sense of urgency, seems to be looking for ways to move ahead with Diebold despite this report.

"The Maryland plan of action is seriously out of whack with the SAIC risk assessment," he added. "This is a system with serious problems. I would expect them to suspend plans to use the Diebold machines until SAIC releases a report that says the system is safe to use."

Rubin said elections in states that have already used these systems were open to compromise. These include Georgia, which used more than 20,000 of the Diebold machines in its gubernatorial election last November, as well as counties in Maryland and California. "

"Pamela Woodside, chief information officer for Maryland's board of elections, said the Diebold technology must now be recertified before it can be used in an election. That process is already underway. Wylie Laboratories and Ciber, the independent authorities that originally tested the Diebold system, are doing the certification.

But Rubin questioned the wisdom of returning a system to the same authorities that originally certified it. "If the certification process didn't catch these security problems, why should we believe that the same certification process will work to ensure that these problems are corrected?"

The certification process itself has long raised questions among security professionals about the voting system standards. "

****

Yip Kim it has...

"Pamela Woodside, chief information officer for Maryland's board of elections, said the Diebold technology must now be recertified before it can be used in an election. That process is already underway. Wylie Laboratories and Ciber, the independent authorities that originally tested the Diebold system, are doing the certification."

I'm wondering how serious this recertif. process is. Another formality ?

-OOPS. Just saw the previous message and read Rubin's comment.

-CV



"http://www.wired.com/news/business/0,1367,60583,00.html

Reading it now... "

Read this pile of crap about the voter-verified issue. I'm wondering if they are not being actively misled at some level. Most of the claims are ridiculous. -CV

http://www.aapd-dc.org/dvpmain/elreform/aapdballots.html

Investigative journalist Lynn Landes presciently warned us in a November 8, 2002 article, “Republican Voting Machines, Election Irregularities, and ‘Way-Off’ Polling Results:”

And for those who believed that the new election reform law does anything to protect the security of your vote...think again. The federal standards to be developed and implemented as a result of the new law will be VOLUNTARY. What Congress really did was to throw $2.65 billion dollars at the states, so that they could lavish it on a handful of private companies that are controlled by ultra-conservative Republicans, foreigners, and felons.

Landes’s charge was validated during an exchange in the secret conference call on August 22, 2003, between R. Doug Lewis of the Election Center, representatives from most of the voting machine companies, and former SAIC and current VoteHere executive Harris Miller, who chairs the Enterprise Solutions division of the muscular and “prestigious” Information Technology Association of America (ITAA):

Question: Would existing Elections Systems Task Force be reconstituted or reformatted in any way?
Answer: They have been more focused on the HAVA legislation but would be interested in meeting with this group. (The major companies involved in this task force are Northrop-Grumman, Lockheed-Martin, Accenture and EDS.)

…The Election Systems Task Force’s “goal was very limited. They just wanted to get the legislation HAVA enacted and to create more business opportunities for them as integrators. Their agenda was “how do we get congress to fund a move to electronic voting?”

If one looks back at the record, the progression is clear. Harris Miller got the ball rolling in January, 2001, in an article in the Washington Post (preserved in an Australian newsgroup) which crowed that there would have been no election controversy in Florida had the votes been cast on modern voting machines.

In January 2001 with ITAA’s assistance and in conjunction with the engineering department at University of Wisconsin, VoteHere staged a demonstration for Congress of their “EZ™ Access design techniques make electronic voting machines easier to use for the average citizen, our aging population and people with disabilities.” In February, 2001, the first meeting of ITAA’s Voting Reform Task Group was held. In March, VoteHere announced a program for ADA compliant voting systems.

By April ITAA was already announcing the results of a poll they commissioned showing high support (surprise, surprise) among respondents for computerized voting. No doubt the lobbying efforts took off at full speed from there. Having gained an ally in a difficult constituency to say no to (the disabled), which stood to gain so much in privacy and self-respect as a result of the new touchscreen technology, organizations such as Common Cause, ACLU and the League of Women Voters were brought into the fold and as a result have been staunch foes of voter-verified paper ballots, and thus unwitting allies for Diebold and other touchscreen vendors.

Obviously, having these important groups and organizations come out so strongly against voter-verified paper ballots makes blackbox voting activists’ job all the more difficult.

At most, 4 of the 12 vulnerabilities found by Rubin are addressed by the SAIC report.

http://www.geocities.com/rubinsaic

Also remember, the SAIC report neglects the most important feature: a voter-verified paper ballot.

unless it's covered in the redacted portions, which I frankly doubt since it wasn't mentioned in their introduction, scope, etc.

Eloriel