Making Diebold "Okay" For PennsylvaniaBy John Washburn and Roxanne Jekot, VoteTrustUSA Voting Technology Task Force
January 22, 2006
Last week the Department of the Commonwealth of Pennsylvania released a report confirming the certification of the Diebold TSx touch screen voting machine and reversing an earlier decision to deny certification for the Diebold OS central count optical scanner. The state continued to deny state certification of the Diebold precinct count optical scanner. The report reveals how the Department of State of Pennsylvania and their expert consultant worked together with Diebold to fabricate a justification for certifying machines in the state that contain prohibited code and have the same potential of being hacked undetectably that was demonstrated in a well publicized test in Florida last month. The report refers to this test as the “Hursti Exploit”.
snip
How Diebold and Dr. Shamos Made Diebold "Okay" for PennsylvaniaFirst, Dr. Shamos claims on page 5 of the Pennsylvania report that AccuBasic does not reside on Diebold’s general election management software (GEMS). Aside from the fact that this statement is false, it is also beside the point. Nowhere in the paper Harri Hursti submitted to the National Institute of Science and Technology or in his Full Report is there any assertion that the AccuBasic resides on the central GEMS server. The “Hursti Exploit” involves only the memory card in the optical scanner and the AccuBasic file on that memory card.
Dr. Shamos’ mention of the GEMS server is a completely spurious distraction. Once the voting machine's memory card has been pre-stuffed, all the electronic records - the memory card contents, the poll tape printed by the machine at the end of the day, the machine level data in the GEMS database, every summary number from the GEMS database, every report printed by the GEMS central tabulator - stem from a single source and that source is the corrupted memory card. Because there is a single source, every electronic record will be in agreement - and incorrect.
(It is worth noting that none of the electronic records would agree with totals derived from hand counts of voter verified paper records and this inconsistency would be revealed in a routine manual audit. But Pennsylvania, unlike 27 other states, does not yet have a requirement for a voter verified paper record.)
Next, Dr. Shamos claims that the prohibition of self-modifying code, dynamically loaded code, and interpreted code found in section 4.2.2 of the 2002 VVSG does not apply to the Diebold equipment (both optical scanners and touch screen DRE’s) because of an exception. Section 4.2.2 reads:
“Self-modifying, dynamically loaded or interpreted code is prohibited, except under the security provisions outlined in section 6.4.e.”
The only problem is that
there is no section 6.4.e! It doesn’t exist.
snip
http://votetrustusa.org/index.php?option=com_content&task=view&id=814&Itemid=113