EXPOSÉ: Security Breaches for 'Sleepover' Voting Machines Used in Busby/Bilbray Race Invalidated, Decertified Their Use in the Election!
Posted By Brad On 14th June 2006 @ 15:11 In Busby/Bilbray,
[1] The electronic Diebold voting systems used in the special run-off election last week for California's 50th U.S. House district were effectively 'decertified' and invalidated for use in the election after [2] massive security breaches in the storage of those systems were sanctioned by the San Diego County Registrar of Voters, [3] The BRAD BLOG can now conclude.
Based on the review of several different very specific state and federal requirements, laws and provisions, the unsecured overnight storage of Diebold voting machines and their memory cards in poll workers houses, cars and garages in the days and weeks prior to the closely watched election between Republican Brian Bilbray and Democrat Francine Busby violated several federal and state provisions which, if not followed, would revoke the certification of use for the voting systems in any California election.
In the wake of discussions yesterday with SD County Registrar Mikel Haas, who admitted to [3] The BRAD BLOG that storage in poll workers' cars could not be considered secure, it has now become clear that several violations of certified provisions of use for Diebold voting machines — which have been found and confirmed in the past several months to be highly tamperable by dozens of methods and by the company's own admissions — occurred in last week's race…
When it was discovered last December, after a security examination of Diebold optical scan systems in Leon County, FL, that both op-scan and touch-screen systems made by Diebold [5] could be hacked via their memory cards — due to the presence of so-called "interpreted code" which is banned by federal voting systems standards — both federal and California officials instituted new security requirements concerning their use in elections. The violation of those requirements, as has clearly occurred in the CA-50 race, would effectively nullify their certification for use in the state of California.
Adding fuel to the concerns of the incredibly cavalier statements about the security issues related to this matter by Registrar Haas (read on below) is the fact that just last week, [6] two different elections in an Iowa Republican primary revealed that the popular incumbents — who had both apparently "lost" their races after paper ballots were optically-scanned — had in fact won their races after a subsequent manual hand-count revealed the scanners were programmed incorrectly. Those revelations, along with the [7] details of CA-50 that we have been reporting here, have led non-partisan election watchdog organization VoteTrustUSA to [8] join us in demanding that SD County prove their reported results are accurate by carrying out a full manual hand-count of all paper ballots and "paper trails" in the race.
The National Association of State Elections Directors (NASED) the national body responsible for qualifying voting systems for use on the federal level, issued [9] a warning about the severe tamperability of memory cards back on March 22nd, 2006, after the issue came to light during the December Leon County tests which revealed that exploitation of this vulnerability could be used to flip an election on a Diebold optical scan system. If exploited, the tampering would not be visible to vote tabulation witnesses and no trace of the hack would be left behind save for counting the paper ballots themselves for accuracy.
In [10] another examination by computer security professionals in Emery County, Utah in March, it was discovered that Diebold's touch-screen systems could have their entire election software, operating system and even computer firmware ("BIOS") overwritten in less than two minutes time — no password necessary — should a sing malicious user have unfettered phyiscal access to the system. Such access could then affect every voting machine used across the entire county.
The result of all of this would be that if there had been malicious tampering with these voting systems, no amount of observations of the tabulation would reveal the tampering that had occured inside the machines. Unfortunately, candidate [11] Francine Busby's own statement in regard to this matter, seems to reveal that she is wholly unaware of the incidiousness and invisibility of the points in question here and, as we'll show, the fact that the voting machines, as used in her own election, were in clear violation of the law.
As a blood sample taken at a crime scene and then stored in someone's garage for a week before delivery to the crime lab would be considered "contaminated" on its face — even if there had been no actual tampering to the sample — so must the world's most easily-hackable voting machines be considered as contaminated when such a massive breach of security in the chain of custody has taken place such as sending machines home, unprotected, with poll workers.
In light of the recently discovered concerns about the Diebold systems, the [12] security memo issued by NASED in regard to the vulnerability of the memory cards, states requirements for use of these systems which are quite clear [emphasis ours]:
1. Throughout the life of the voting system, the election official shall maintain control of all memory cards and keep a perpetual chain of custody record for all of the memory cards used with the system. Programmed memory cards shall be stored securely at all times with logged accesses and transfers.
…
Failure to comply with this addendum negates the voting system’s status as a NASED-qualified voting system.
Since NASED-qualification is just one of the many conditions for certification of use of voting machines in California, the failure described above would decertify the systems concurrently on both the federal and California state levels.
As well, the so-called [13] "conditional certification" of Diebold touch-screen systems in California, as issued by Sec. of State Bruce McPherson on February 17th, 2006 also speaks to the memory cards issues. It spells out quite clearly that the "additional security measures" in regard to those memory cards are "conditions for use in the state of California."
If violated, the systems would no longer be approved for use here. Says McPherson's certification:
Any breach of control over a memory card shall require that its contents be zeroed, in the presence of two election officials, before it can be used again
While speaking with Haas yesterday, he confirmed once again that indeed both Diebold touch-screen and optical-scan systems, containing their programmed memory cards, were sent home with poll workers in the days and weeks prior to the election.
When asked if storage in garages or cars could be considered as "secure," the SD County Registar responded directly: "No. If kept in the car it would not be considered secure. We would advise them not to do that. No."
And yet, [3] The BRAD BLOG has received, and [15] reported on, several correspondences from nearly half a dozen poll workers who have admitted that they did precisely that.
After reading the special NASED and CA requirements to Haas, and asking him for comment on whether he would therefore confirm that sending these voting machines home with poll workers had nullified their certification for use in the election, he quickly changed his tune.
So I challenged him: "But you admitted that storage in cars could not be considered as 'stored securely at all times,' as the NASED requirements demand," I said.
"No, I didn't," he said.
"Yes, you did," I replied. And after reading back to him his exact quote, he wished to modify his statement to say instead that storage in cars "may be secure, but it's not the most secure."
There are further provisions in California state Elections Code (EC 19251) which require that all voting systems not just be certified by NASED before approval for use in CA, but that they also meet all federal Voting Systems Standards. According to that statute, systems may only be certified if "The system has been both certified by Federal Authorites and meets or exceeds the voluntary standards set by the Federal Election Commission."
But [16] Section 1, paragraph 4.2.2 [WORD] of the FEC Voting System Standards of 2002 specifically ban certification for machines which contain the type of "interpreted code" which Diebold has now been forced to admit is present in all of their electronic voting machines.
"Self-modifying, dynamically loaded, or interpreted code is prohibited" says the pertinent part of those standards which should have been reason enough, upon discovery, for all Diebold systems to have their federal certification immediately revoked by NASED and the Election Assistance Commission (EAC).
After initially hiding the code from federal testers, Diebold officials were forced to admit in [17] a letter to the CA Sec. of State, that their voting machines do contain that type of code, making them easily tamperable by hackers who might gain a short time of unsupervised physical access to the machines.
"As part of contemplating the AccuBasic changes to the various voting system components," the Diebold letter admits, "we have internally discussed changes to include removing the interpreters and interpreted code."
We could go on. CA Election Code section 19205 states that the secretary of state must declare in his/her certification that the system being certified is "safe from fraud or manipulation." McPherson was unable to make that declaration in Diebold's touch-screen certification, unlike he has done in certification for other California-qualified voting systems.
When McPherson signed the so-called "conditional certification" for these system, he issued a press release crowing about the security requirements which must be met for use of the Diebold system in the state. (The very security requirements which seem to now have been violated in the CA-50 race.)
The [18] press release quoted Haas himself saying:
"I appreciate Secretary McPherson’s leadership in establishing what must be the most comprehensive and rigorous certification process in the nation. To comply with new federal and state laws regarding elections, we need a new and different set of tools and Secretary McPherson made sure we got those tools."
While stating appreciation for those "tools" it seems, based on Haas' actions in carrying out last week's CA-50 election and my subsequent conversations with him yesterday, that he's not all that concerned about actually using those "tools" in his elections.
Without getting too much further into the weeds on this issue for the moment, I'll just mention that Haas confirmed the touch-screen systems themselves were sent out without plastic security seal tape over either the power switch or the secondary external PCMCIA slot. That security breach alone would allow a would-be hacker to completely overwrite the entire system in less than two minutes with any software of their liking — with no password necessary — as revealed by the recent Emery County, UT analysis. (That full report, slightly redacted for security sake, has been [19] published here by BlackBoxVoting.org). We've [20] previously discussed the implications of that report in some detail in relation to the now-questionable CA-50 election.
But not to fear! When I asked Haas if that vulnerability alone might give him reason to be concerned about the integrity of the voting systems he then used in last week's election, he rejected the suggestion.
Since a PCMCIA card can be inserted with the necesssary files into that unsealed slot and the power button turned on (all that's needed to overwrite the software) doesn't that vulnerability trouble you, I asked him.
"I don't know….I think it's highly improbable," he said.
"Improbable?" I wondered. "I'm not asking if it's probable or not, but if it's possible…"
His reply blew me away: "I don't think so, because you'd have to want to commit a felony, which knocks out most of our poll workers."
(Pausing here for effect to let you think about that.)
When I mentioned several cases were poll workers recently have been indicted for election fraud, he stated he was unaware of any such cases. I pointed him towards [21] three officials recently indicted in Cuyahoga County, OH and explained the situation to him. He was unphased and seemingly uninterested.
"I'm sure they could stick something in the system…Whether it's detectable or not, I'm pretty sure that it is. But again, you're tampering with election equipment, so it seems unlikely."
As well, Haas refused to recognize that there are millions, and perhaps billions of dollars, riding on such elections. If you were a poll worker who had a few machines in your garage (and it takes just one to potentially invalidate and/or flip the entire system for an entire county) and you were told, "Hey, why don't you leave your garage door open for a half hour and go get some lunch — could be a million dollars in it for ya." Would you take such an offer?
After explaining how the optical-scan systems can be so easily flipped, without a trace left behind except for actually counting the paper-ballots, Haas flippantly replied, "It's a good thing we're not gonna use optical scan anymore." A cavalier reference to San Diego County's plans to go "all touch-screen" for this November's general election.
His responses during our conversation alone are enough for any sane citizen who gives a damn about democracy to declare "No Confidence" in any election run under such conditions by Registrar of Voters, Mikel Haas.
You can now share your feelings about that with him, and Busby both, via this [22] petition calling for a full manual hand-count of the ballots and paper trails in the CA-50 race.
18 Comments To "EXPOSÉ: Security Breaches for 'Sleepover' Voting Machines Used in Busby/Bilbray Race Invalidated, Decertified Their Use in the Election!"
#1 Comment By Catherine a On 14th June 2006 @ 15:24
Thanks to the link for the petition for a manual recount of all the ballots. SD County Registrar Mike Haas is unbelievably uninformed about the voting machines in his care. In light of the Hursti II report it seems outright negligent for him to allow those machines to go home with poll workers (or to be used at all). He is an embarrassment to his profession.
#2 Comment By Ram On 14th June 2006 @ 15:44
My head hurts! How can so many people still be so stupid about this process?
#3 Comment By Robert Lockwood Mills On 14th June 2006 @ 15:55
I hope I'm wrong, but Francine Busby looks to me like a John Kerry clone. She DOESN'T GET IT! Democrats who concede because they can't imagine they've been victimized by fraud are almost as bad as the people who commit fraud themselves. Earth to Francine: McPherson isn't going to proclaim you the winner, because to do so would be admission that he doesn't get it, either. Can you possibly understand that?
#4 Comment By agent99 On 14th June 2006 @ 16:03
Petition for a hand count? Doesn't this automatically make one mandatory? When do the police get called?
#5 Comment By big dan On 14th June 2006 @ 16:13
Well, well well!!! Any comments, kook-aid drinkers? Nah...not under this article...
#6 Comment By big dan On 14th June 2006 @ 16:15
Lou Dobbs: let's get moving on this story, I know you're reading this. Brad, when are you going to be on Lou Dobbs??? I said, this Busby/Bilbray is important, because it's a test to see what the GOP and voting machine companies can get away with in a blue state before the Nov. 2 elections.
#7 Comment By oldturk On 14th June 2006 @ 17:14
These election administrators are operating in the blind and they know it. They have no product knowledge of these e-voting machines and could give a hoot. They are looking for an easy way to tabulate the vote,.. push a few buttons,... let the machine do all the work to tabulate our votes. We have entrusted them to honestly and accurately add up our votes. They have taken the easy way out and outsourced the vote count to private concerns who are more than willing to contaminate the process. They don't give a damn about exactitude of the vote count. These electronic voting machines are totally undependable. They have made a mockery of democracy and left it in shambles.
#8 Comment By Anonymous On 14th June 2006 @ 17:20
I think it's worthwhile to provide a link to the CA Secretary of State's site which describes the process by which anyone can file a complaint about an election. ss.ca.gov The Velvet Rev. site is only calling for a recount of the Busby/Bilbray election, but *all* of San Diego county's elections were compromised. Our biggest concern needs to be preventing this from happening in November.
#9 Comment By Floridiot On 14th June 2006 @ 17:36
RLM, she doesn't look like Kerry, but yes she does not get it :) I'm going to shove my link up everyones butt until they all do though. This is a war for the minds of the sheeple, and they are winning until their modus operendi is exposed [23] please read all of this (on lookup, I found out I can buy an operendi on E Bay)
#10 Comment By JUDGE OF JUDGES On 14th June 2006 @ 17:40
The Dems have let republicans get away with so much for so long that it has become "SPORT" to see what crime they will pull off next and how they will rationalize it . . . ? ? ? Human Nature or by-design or both ? ? ? To Be Continued Next Week . . . . .
#11 Comment By Lisa B On 14th June 2006 @ 19:01
People from SD-50 need to sue. That is the only way anything is going to be done. I hope someone who lives there steps up to the plate. Good luck, I'll be watching.
#12 Comment By pb On 14th June 2006 @ 19:13
I posted this in an earlier report about an letter that left Sounds pretty weak to me. I think Busby, despite the marginal difference, should take a stand and investigate the vote anyway. If there is a discrepancy, then let it be found _NOW_ instead of waiting until next time. Beat it into the ground and then beat into the ground again. This is not the time to roll over and just accept what you are given. I am sick of that attitude. If she is going to represent the people and the people are calling for a recount, then demand a recount. Fool me once shame on you, fool me twice shame on me comes to mind. Always challenge authority. Always challenge the people above you. Just because someone is in a position of power does not mean that they know better (see President Bush). Everyone is prone to mistakes, and no one is incapable of lieing or cheating. Stand up, speak out and always always always demand truth. That is my message to Busby. I want her in office just as bad as everyone else. This country needs some leadership, some heroes or at least something to be proud of. I put full blame on Busby. If she wants to roll over, then I dont want her in office. This would just be a foreshadow of her cowardice in office. I want someone in office who is going to stand up for the people, not one who is going to roll over whenever she is attacked. This isnt the school board anymore honey, this is the big leagues. Stand up and fight!
#13 Comment By gtash On 14th June 2006 @ 19:15
Agent 99 has it right: when are you allowed to call the police? Brad, you've invested a lot into this story and electronic voting machines generally, but can you answer this basic question of 99's? What does it take to press charges? Is it theft? or "theft of a sort" which isn't really a crime? How do you measure damage to a voter? Isn't there somewhere here a basic civil rights violation?
#14 Comment By JStraight On 14th June 2006 @ 20:14
BRAD Look at the top of the photo of the Diebold TSx machine--there is no security lock/tie through the holes at the top of the doors to the machine. Did San Diego County use security tape across the doors instead? Not that any of this REALLY matters anyway when all it takes is a screwdriver (on six screws) to gain immediate access to the machine and our democracy.
#15 Comment By citizenspook On 14th June 2006 @ 20:24
RANDALL SAMBORN INDICATES FITZGERALD’S PLAME INVESTIGATION MAY HAVE BEEN SHUT DOWN citizenspook.blogspot.com
#16 Comment By Grace On 14th June 2006 @ 20:27
The whole USA should move to VOTE BY MAIL like we do in Oregon!!! The California vote should be invalidated. WE WANT A RE-VOTE! WE WANT A RE-VOTE! WE WANT A RE-VOTE! WE WANT A RE-VOTE! WE WANT A RE-VOTE! WE WANT A RE-VOTE! WE WANT A RE-VOTE! WE WANT A RE-VOTE! WE WANT A RE-VOTE!
#17 Comment By Brad On 14th June 2006 @ 20:40
GTASH (& Agent99) asked:
can you answer this basic question of 99's? What does it take to press charges? Is it theft? or "theft of a sort" which isn't really a crime? How do you measure damage to a voter? Isn't there somewhere here a basic civil rights violation?
Several legal options exist. Amongst them, a contest may be filed by any California elector (that would include me) and a recount may be requested by any California elector (that would also include me). Both options will cut many bucks which I don't have, of course, but might be able to raise here. First though, San Diego County should do their job and count the damned things themsleves before we've got to start coming up with money to make them do their damned jobs!
#18 Comment By EconAtheist On 14th June 2006 @ 20:57
Un-fucking-believable. [shaking head; well past the point of 'dismay']
Article printed from The BRAD BLOG: bradblog.com
URL to article: bradblog.com
URLs in this post:
[1] Image: bradblog.com
[2] massive security breaches: bradblog.com
[3] The BRAD BLOG: bradblog.com
[4] The BRAD BLOG: bradblog.com
[5] could be hacked: bradblog.com
[6] two different elections in an Iowa Republican primary: votetrustusa.org
[7] details of CA-50 that we have been reporting here: bradblog.com
[8] join us in demanding: votetrustusa.org
[9] a warning: nased.org
[10] another examination: blackboxvoting.org
[11] Francine Busby's own statement: bradblog.com
[12] security memo issued by NASED: nased.org
[13] "conditional certification" of Diebold touch-screen systems in California: ss.ca.gov
[14] The BRAD BLOG: bradblog.com
[15] reported on: bradblog.com
[16] Section 1, paragraph 4.2.2: eac.gov
[17] a letter to the CA Sec. of State: ss.ca.gov
[18] press release : ss.ca.gov
[19] published here by BlackBoxVoting.org: blackboxvoting.org
[20] previously discussed the implications of that report: bradblog.com
[21] three officials recently indicted in Cuyahoga County, OH: bradblog.com
[22] petition calling for a full manual hand-count: velvetrevolution.us
[23] please read all of this: bradblog.com
rawstory.com |
