Diebold does it again (forwarded)

http://www.opednews.com/articles/genera_jgideon_061014__daily_voting_news__.htm

diebold caught making hardware and software changes during an election without ITA certification or EAC approval.

In this case they were doing the common sense thing. Namely they
replaced a known defective part with an seemingly innocuous work-
around solution. But it's also not allowed for common sense reasons too. Changing hardware, will trigger a change in software drivers. That could be a profound change to the certification envelope of the machine. For example, even changing something simple like say one keyboard for a different one, internally can switch the "localization" drivers. These are things that customize the operating system at a very low level. it's intended to handle
language and character set variations. So that can mean different
fonts are used. Fonts can contain active code and are not just
data. Recall for example, the case of the sequoia demo where the
paper tapes did not match the screen, but only when used in spanish mode. I don't know what caused that but it could be something like a localization driver being bad but clearly never actually tested.

Diebold gets no points for doing the right thing because as usual
they did it sneaky style and thus clearly because of self interest in
not having yet another fiasco.

It a universal problem for electonic voting. Anytime there's a known
bug, it cannot legitimately be fixed in time for the election because
the backlog for re-certification can be 6 months or a year. THis
problem has come up again and again. It's not going to go away.


I just saw a promotional spot on HBO for a new documentary, "Hacking Democracy" that premieres Thursday, November 2. Website here: http://www.hbo.com/docs/programs/hackingdemocracy/index.html

This looks like a very hard-hitting piece of journalism.

Thanks for the link.
rec

should be tagged for what it is 'election fraud & vote tampering', if any election must be held again then Deibold is to pay for it & be further held completely responsible for any ill results & financially/legally accountable to this citizenry, to We The People

what a shame if it is.

As the scope of her mission grew, Harris drew on the expertise of other computer- science experts, politicians and activists, among them: Andy Stephenson, candidate for secretary of state in Washington state; Susan Bernecker, Republican candidate in New Orleans; Kathleen Wynne, an activist from Cleveland; Hugh Thompson, director, Security Innovations, Inc.; Ion Sancho, Florida's supervisor of elections; and Harri Hursti, a computer-security analyst. Academics, public officials and others seen in interview footage include: Deanie Low, supervisor of elections, Volusia County, Fla.; Mark Radke, marketing director of Diebold; David Cobb, presidential candidate, Green Party; Rep. Stephanie Tubbs-Jones of Ohio; and Sen. Barbara Boxer of California.

Via:
http://reddit.com/info/m60h/comments

"It a universal problem for electonic voting. Anytime there's a known
bug, it cannot legitimately be fixed in time for the election because
the backlog for re-certification can be 6 months or a year. THis
problem has come up again and again. It's not going to go away."

As someone who used to develop and install custom software applications for govt customers, I can vouch that formal certification proceedures are only as thorough as the people conducting them. It was often the case that procedures were "short circuited" for expediency - and surprising, it often happens at the behest of the govt customer.

This particular Diebold case is a classic example of how expediency often trumps completeness in the relationship between customer and contractor. When the product is discovered to have a serious bug and a hard milestone is rapidly approaching (like an election), the govt client often allows the contractor to implement the fixes (patches) without following-up with the complete certification procedures.

You'd think it wouldn't happen this way, that the govt would stick to it's guns and demand to re-test everything. But in the "real world", the govt often becomes vested in the success of the product they're buying... in part, this is due to the manner in which contracts are typically structured: they're NOT "cash on the barrelhead" arrangements, but rather, the contractor is paid incrementally throughout the development/delivery cycle. By the time the product is ready for certification testing, the govt has already payed the contractor a truckload of money for the development of the product - they want to see the product work, they need to see the product work - so they don't look like idiots for having purchased it in the first place. And when the govt customer has, in turn, a customer of their own waiting to use the product (like the voters) - then the system really becomes "backdriven" by the hope for a happy ending.

This leads to situations like the one detailed in the OP's link. The govt becomes so vested in the product they're buying, that they're willing to look the other way while the contractor "does what needs to be done" to fix problems with the product. It's totally wrong, but it's often SOP for govt contracting.