Despite Illegalities, Diebold Election Machines Certified In CA

http://guvwurld.blogspot.com/2006/02/despite-illegalities-diebold-election.html

Despite Illegalities, Diebold Election Machines Certified In CA

CA Secretary of State Bruce McPherson issued a press release (.pdf) Friday afternoon, buried at the start of the long holiday weekend, announcing conditional certification of Diebold OS and TSX voting machines.

SACRAMENTO, CA - Secretary of State Bruce McPherson today announced his decision to certify with conditions the Diebold TSX and Optical Scan (OS) voting systems for use in California's 2006 elections. The decision comes after months of thorough review of both voting systems, their compliance with both state and federal laws and the completion of an additional security analysis by independent testers from computer labs at the University of California, Berkeley.

That's only the first paragraph and we have several problems. In the first sentence we learn that this certification is conditional. We'll get to the conditions later. First consider this summary statement of Diebold's certification efforts published in an April 2004 CA Secretary of State Staff Report (.pdf).

1. marketed and sold the TSx system before it was fully functional, and before it was federally qualified;

2. misrepresented the status of the TSx system in federal testing in order to obtain state certification;

3. failed to obtain federal qualification of the TSx system despite assurances that it would;

4. failed even to pursue testing of the firmware installed on its TSx machines in California until only weeks before the election, choosing instead to pursue testing of newer firmware that was even further behind in the ITA testing process and that, in some cases, required the use of other software that also was not approved in California;

5. installed uncertified software on election machines in 17 counties;

6. sought last-minute certification of allegedly essential hardware, software and firmware that had not completed federal testing; and

7. in doing so, jeopardized the conduct of the March Primary.

We've been down this path before. Once again unqualified equipment is given provisional approval, this time despite a clearly documented track record showing Diebold's brazen disregard for such arrangements. They do not genuinely strive to comply with federal laws, and in fact, are currently out of compliance with federal law by inclusion of interpreter code. In his 12/20/05 letter to Diebold (.pdf), Secretary McPherson wrote:

It is the Secretary of State's position that the source code for the AccuBasic code on these cards, as well as for the AccuBasic interpreter that interprets this code, should have been federally reviewed.

So less than two months ago the Secretary recognized the illegal component is present, though without acknowledging that interpreter code is prohibited by both federal guidelines (.doc) and McPherson's own edict (.pdf) requiring compliance with those standards as a condition of state certification. And now he just pretends the equipment is compliant, a fantasy asserted twice in Friday's press release. Let's be clear - the determination of the interpreter code's existence in December and continued presence today should be all that is necessary to reject Diebold's bid for certification.

Furthermore, McPherson's December letter referred Diebold's equipment to the federal Independent Testing Authority (ITA), not the Voting Systems Technology Assessment Advisory Board (VSTAAB). Never mind the conflicts of interest Dr. Avi Rubin recently described between the ITA and the election machine manufacturers who fund them.

So we already had reason to be suspect of McPherson's December maneuver even before he broke his word and stealthily tapped VSTAAB, a newish body that seems to have risen from the ashes of the Voting Systems and Procedures Panel which was hastily disbanded late last year. The VSTAAB, in conjunction with UC Berkeley grad students, issued a 38 page report called "Security Analysis of the Diebold AccuBasic Interpreter" (.pdf) - again confirming the existence of the interpreter code.

While the analysis is too long to fully dissect here and now, GuvWurld will surely pull more detailed quotes in future reports. For now, a "Security Analysis..." summary:

• We did not do a comprehensive code review of the whole codebase, nor look at a very broad range of potential security issues. Instead, we concentrated attention to the AccuBasic scripting language, its compiler, its interpreter, and other code related to potential security vulnerabilities associated with the memory cards.


• We found a number of security vulnerabilities, detailed below. Although the vulnerabilities are serious, they are all easily fixable. Moreover, until the bugs are fixed, the risks can be mitigated through appropriate use procedures. Therefore, we believe the problems as a whole are manageable.


• Memory card attacks are a real threat: We determined that anyone who has access to a memory card of the AV-OS, and can tamper it (i.e. modify its contents), and can have the modified cards used in a voting machine during election, can indeed modify the election results from that machine in a number of ways. The fact that the the results are incorrect cannot be detected except by a recount of the original paper ballots.


• Harri Hursti's attack does work: Mr. Hursti's attack on the AV-OS is definitely real. He was indeed able to change the election results by doing nothing more than modifying the contents of a memory card. He needed no passwords, no cryptographic keys, and no access to any other part of the voting system, including the GEMS election management server.


• Interpreter bugs lead to another, more dangerous family of vulnerabilities: However, there is another category of more serious vulnerabilities we discovered that go well beyond what Mr. Hursti demonstrated, and yet require no more access to the voting system than he had. These vulnerabilities are consequences of bugs--16 in all--in the implementation of the AccuBasic interpreter for the AV-OS. These bugs would have no effect at all in the absence of deliberate tampering, and would not be discovered by any amount of functionality testing; but they could allow an attacker to completely control the behavior of the AV-OS. An attacker could change vote totals, modify reports, change the names of candidates, change the races being voted on, or insert his own code into the running firmware of the machine.


• Successful attacks can only be detected by examining the paper ballots: There would be no way to know that any of these attacks occurred; the canvass procedure would not detect any anomalies, and would just produce incorrect results. The only way to detect and correct the problem would be by recount of the original paper ballots, e.g. during the 1 percent manual recount.


• Interpreted code is contrary to standards: Interpreted code in general is prohibited by the 2002 FEC Voluntary Voting System Standards, and also by the successor standard, the EAC's Voluntary Voting System Guidelines due to take effect in two years. In order for the Diebold software architecture to be in compliance, it would appear that either the AccuBasic language and interpreter have to be removed, or the standard will have to be changed.

This is devastatinglyy stupid. If not these problems, what findings would have caused the analysts to withhold their recommendation? McPherson's decision to conditionally certify based on this security analysis would seem to be an invitation for a legal showdown, not to mention a competency hearing and a criminal investigation.

Gee, this report is getting awfully long and I've still only commented on the first paragraph of the certification announcement. I'm not going to take this too much further today but I do want to comment a little on the second paragraph:

"As the State's chief elections official, the decision to certify voting systems is a very serious responsibility, and a number of factors must be carefully weighed before I determine whether to grant certification," said Secretary McPherson. "This is precisely why I created 10 strict standards that must be met for a voting system to be certified, making California's process the most stringent in the nation. We have applied these standards and after rigorous scrutiny, I have determined that these Diebold systems can be used for the 2006 elections."

The Secretary of State's website has the "10 strict standards" here (.pdf). Check out step 3:

State certification testing does not begin until the federal qualification testing is successfully completed.

That is not the only part of the process developing out of order. Public comment and a hearing are the last two steps before Step 10: "Final review of system and decision by Secretary of State." That would suggest the public will yet still have its chance to be heard. Instead, it would seem McPherson is providing his rubber stamp with disregard for the public forums--held last year, out of the "strict standards" sequence--that ran overwhelmingly in opposition to certification for Diebold.

Battles now seem primed to ensue on at least two levels. There will surely be a response on the state level, likely from a host of election integrity organizations banding together. And there must be county level resistance anywhere Boards of Supervisors appear willing to allow their Registrars to accept the path of least resistance. At a minimum, it would be foolish for counties to begin spending money knowing that major modifications must still be undertaken, and that even then, Diebold's track record leaves no basis for confidence that the equipment will be made secure, transparent, and accurate, let alone "compliant" with optional laws. Perhaps the silver lining is this, from Friday's press release (.pdf):

Diebold will be required to make all recommended long-term programming modifications contained in the report and submit the modified product to the Federal Independent Testing Authority (ITA) for requalification and state certification.

So not only is the certification provisional, apparently it is going to be completely up for review again if/when Diebold ever complies with the law. So why certify it now? Notice that the press release only mentions California's 2006 elections.

For broader perspective, Diebold is like the hotshot quarterback whose teachers give him passing grades just so he can play ball. The more potent analogy here is Mr. Bush saying unconstitutional spying on Americans is legal - because he is already doing it. If we are not a people beholden to laws, what inhibits our potential responses? Election reform is not a goal unto itself but rather a tactic in the peaceful revolution. Here's a Blueprint.

www.HumboldtRevolution.org
Non-violent revolution is necessary, NOW!

I mean is it so difficult that you can't properly test and certify them beforehand?..

for depriving them of their constitutional right to vote and have it counted accurately may be one way of fighting back.

Also investigate McPherson's finances and hold him accountable for the same thing.


Just some thoughts.

I was wondering how the ITA was going to deal with this. For them to decertify the equipment would have an impact a lot further than CA.

However, short of the ITA de-certifying it, I didn't see that we'd get an opportunity to comment further on the state level because IT WAS ALREADY CERTIFIED. (More on this below.)

So I got to wondering. Might the ITA told McPherson to buzz off stating that they had already certified the software and that if CA didn't like it, they were free to buy different machines?

Part of what got me thinking that was what a bad day Diebold actually had. That report, in addition to signing off, really shot the hell out of Diebold's architecture. http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x413325
I can't see this temporary conditional certification making BoE's comfortable with the future prospects.

I'm thinking Diebold won a Pyrrhic victory. (Or, McPherson really screwed them, though he'll reap nothing but our scorn.)

Now, the conditions set-out include Diebold needing to do both short and long-term fixes.

But is McPherson going to ask the ITA to re-test both the short and long-term fixes?

I got the idea that the short-term, 2006, portion was going to skip fed testing. That ain't legal, so can we fight that?

Also, Bowen suggests the VVPAT for the TSx doesn't meet CA law.
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=203x413398
While leaving us Diebold's OpScan would that not, legally, rid us of the TSx?

I'm about out of answers right now but hope to have more in stock later today...thank you, come again.

Of course everyone is going to be recommending contacting state Senators and Assemblymembers, and there will also be encouragement to contact county Supes and Registrars to at least appeal to reason and encourage them not to make rash and hasty decisions on the heels of McP's lunacy.

But here's what's more...the state attorney general should be looking at coming down on McP for basically giving Registrars his authority to use illegal equipment. That's right, the equipment is still going to be out of compliance with federal guidelines regardless of whether McP calls it certified. So I would say we should be looking at local courts to issue injunctions against using the illegal machines, and turning to the state attorney general to block their implementation across the board, plus look at McP's culpability for issuing such an irresponsible directive.

the state attorney general may be an appropriate avenue to seek relief...he may be a way for us to put McP in check for issuing an "illegal order," a notion military members are supposed to know they can disobey...McP has told Registrars to use the machines even when they are out of compliance...that opens the Registrars to liability for acting illegally but with his approval (just following orders)...can the AG somehow censure, restrict, remand, whatever McP?...can the AG issue some superseding ruling that relieves Registrars of this dispensation to act illegally?

I would guess that it could be argued that the BoE's are obliged only to limit equipment choices to those certified by the state, not to those that meet state or federal guidelines.

Likewise, the SoS may be obliged only to limit equipment choices to those certified by the ITA/NASED/EAC and legal under CA State law, regardless of the equipment conforming to federal, or even state standards.

If we can sue the state because the equipment fails to meet federal standards, despite enjoying federal certification, then we have something.

Diebold in California: Who's Responsible?

By Warren Stewart, VoteTrustUSA

February 18, 2006

snip

But wait! Why on earth would any county spend millions of taxpayer dollars on a system that is clearly in violation of state and federal law and risk the legal exposure of using illegal voting machines?

In his certification document for the Diebold systems, McPherson states that the approval was subject to several terms and conditions. Among those conditions, McPherson specifically states that voting systems "shall comply with all applicable state and federal statutes, regulations, rules and requirements, including, but not limited to, those voting system requirements set forth in the California Election Code and the Help America Vote Act of 2002 ." He continued, "further, voting systems shall also comply with all applicable state and federal voting system guidelines, standards, regulations and requirements that derive authority from or are promulgated pursuant to and in furtherance of the California Election Code or …including but not limited to, the 2002 Voting System Standards/Guidelines, developed by the Federal election Commission and adopted by the Election Assistance Commission (EAC) and EAC Advisory 2005-04, dated July 20, 2005."

But just exactly how and when will Diebold's systems be brought into compliance with federal and state standards? Unlike Prof. Michael Shamos, who, after a cursory review of the Diebold systems, decided that AccuBasic was not prohibited by federal voting system standards and therefore was "okay" for use in Pennsylvania, the VSTAAB computer scientists, who took four weeks for their review, confirmed that "interpreted code in general is prohibited by the 2002 FEC Voluntary Voting System Standards, and also by the successor standard, the EAC’s Voluntary Voting System Guidelines due to take effect in two years. In order for the Diebold software architecture to be in compliance, it would appear that either the AccuBasic language and interpreter have to be removed, or the standard will have to be changed."

snip

It would appear that under this condition, if a voting system was found to not be in compliance with the requirements, the counties who have obtained funds under California Proposition 41 or federal funds under HAVA to pay for the voting systems would have to return them. They then would have to go after the vendor for either compensation or force them to make their voting systems into compliance.

Before the local election officials give a sigh of relief, it would be incumbent upon them to run all the documents released by the Secretary by their County Counsel. The conditions of approval may put them at greater risk legally and financially than a threat of a suit from the Department of Justice for non-compliance with HAVA. After all, the Diebold voting systems themselves are not in compliance. They should be more concerned with voter confidence and potential liability, than electoral expediency.

snip

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=949&Itemid=113

nee3d a legal opinion here.

K&R

with this non-violent revolution, may I suggest we start educating the the Police officers and Police stations across America with what is going on with the secret vote counting machines, they may cut us some slack when we roll in to town fighting this injustice.

My twelve year old knows better than to count the vote in secret. The police officers I know have COMMON SENSE and once they realize this vote counting reality, they will be with us to a certain degree.

My two cents.

I'm not sure exactly how to go about this but I must have been vibing something similar earlier tonight. I bumped into Arcata City Councilmember Dave Meserve. He is one of the three who voted to adopt the Voter Confidence Resolution and he has authored several other resolutions of his own calling for impeachment, an end to the war, a sanctuary for war resisters, among others. One of his previous resolutions was called MUNICIPAL RESPONSE TO FEDERAL LAWLESSNESS. It occurred to me that lawlessness is what we've got here with McP making himself the law in order to approve equipment that is patently in violation of the law. I asked Dave if this was something that would make him want to take a next step in the election integrity fight and could we talk about it next week. More on that in a few days...

Meanwhile, kster has a good point and I wonder if it can be woven together with the paragraph above? I guess what I mean is can we approach the police simply to present the frame of lawlessness in order to then ease acceptance of our response, thus far consisting primarily of using the scary R word.

This relates to another question I have asked many times over the past few years, on the public record as frequently as possible: what is it going to take to make the phrase "peaceful revolution" socially acceptable?

There probably isn't one single definitive answer to that. However, the closest thing may simply be repetition of the question. Just like: Has the Consent of the Governed Been Withdrawn, YET?

The courts are a course of action. LandShark, and you, are waging revolutionary battles, in a sense.