Election Integrity News - May 18, 2006

This Week's Quotes: "It's the most severe security flaw ever discovered in a voting system," said Michael I. Shamos, a professor of computer science at Carnegie Mellon University...

"This is the barn door being wide open, while people were arguing over the lock on the front door," said Douglas W. Jones, a professor of computer science at the University of Iowa...

Comments from computer science experts on the security flaw in Diebold touchscreen voting systems. From The NY Times, May 11, 2006

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Actions to Take Now

Nationwide: Support Emery County UT Clerk Bruce Funk

National: Pass HR 550 As Written!

National: Say No to Prohibited Software in Voting Machines!

Pennsylvania: Support HB 2000 and S 977

In this issue ...

National Stories

Reversing Course on Electronic Voting

Lawsuit Against Arizona Secretary of State to Halt Use, Purchase of Diebold, Sequoia Touchscreens

New York Times on New Diebold Touch Screen Security Disaster

Diebold's Deliberate Security Vulnerability

Voting glitch said to be 'dangerous'

News From Around the States

Lawsuit Against Arizona Secretary of State to Halt Use, Purchase of Diebold, Sequoia Touchscreens

PA State 'Directive' on New Diebold Security Hole Identical to Diebold's Inadequate 'Notification'

At It Again: Diebold Ships Uncertified Machines to Florida

Texas: ES&S "Vendor Bender" in Wichita Falls Election

ES&S Meltdown: West Virgina Files Formal Complaint with Feds

New Jersey: Sequoia and Essex County-The Outrage Continues

___________________________
Click Here for Previous Issues
Subscribe to Election Integrity News!
Put the Election Integrity News on your Website or Computer with our RSS Newsfeed

E-VOTING TRAIN WRECK 2006: The Wheels Begin to Come Off Diebold As ES&S Meltdown Continues

New from Daily Voting News - DVN Top 5 of the Week
Contributed by John Gideon, www.VotersUnite.Org and www.VoteTrustUSA.Org
May 15, 2006
Yes, the wheels are wobbling on the locomotives. The vendors --ES&S, Diebold, and the rest -- attempt to keep a stiff upper lip as they both fail to perform, yet continue collecting tax-payer dollars from the county election coffers. Meanwhile some elections officials have just turned a blind-eye to what is happening while they continue to make excuses for their vendors: The private corporate American Electronic Voting Machine behemoths that are being paid to take over America's Public Electoral system. And the Election Assistance Commission (EAC) which was put in place by the Help America Vote Act (HAVA), theoretically, to keep all of this from occurring? Well, all they do is raise their hands and shrug and tell anyone who asks that they don't do voting systems certification so they just don't know anything. The Sergeant Schultz Defense, perhaps· And the corporate media? It took the announcement of a huge security chasm with the Diebold TS and TSx touch-screen machines for them to finally wake up and realize the voters in our country may like to hear a bit about what is happening with their elections. Of course, each media outlet spins it in their own way. The Wall Street Journal, reported on the Diebold issue with little or nothing from the computer scientists while overloading their article with plenty of misinformation from Diebold and their showcase state of Maryland. The New York Times did a good job of reporting both sides. The Rev. Moon's United Press International joined the WSJ in mis-reporting and giving their pro-corporate, pro-electronic bias spin. But, hey! The media has woken up a little. Let's hope they will now sit up and take notice and not go back into hibernation. This next Tuesday we have three more states holding primary elections. Oregon, Kentucky and Pennsylvania are the next locomotives on the tracks. Pennsylvania is of special concern because of the number of ES&S and Diebold counties and the fact that this is the first election to be held on new electronic voting machines in almost every county.
Read more...

National Stories

Reversing Course on Electronic Voting
By Jeanne Cummings, The Wall Street Journal, May 12, 2006

Some Former Backers of Technology Seek Return to Paper Ballots, Reversing Course on Electronic Voting Citing Glitches, Fraud Fears

This article was originally published in the Wall Street Journal

WASHINGTON -- Some advocates of a 2002 law mandating upgrades of the nation's voting machinery now worry the overhaul is making things worse.

With the 2006 midterm elections approaching, proponents of the Help America Vote Act are filing lawsuits to block some state and election officials' efforts to comply with the act.

The Help America Vote Act called for upgrading election equipment to guard against another contested outcome such as the 2000 presidential vote. Among the flaws in balloting almost six years ago were antiquated hand-operated voting machines and punch-card ballots that were difficult to read. To redress that, members of Congress pushed for modernization, which could include touch-screen voting machines, on which ballots are cast and recorded solely electronically. At the time, the electronic voting machines were seen as a reliable contrast to the older technology.

The lawsuits -- nine so far -- coincide with a stampede by state and county officials to spend $3 billion allocated by Congress to help pay for upgrades. To comply with the Help America Vote Act, a number of states and dozens of counties purchased touch-screen voting machines. The deadline for spending the money is tied to each state's 2006 primary dates.

Arizona was sued this week over such purchases and Colorado election officials are likely to be sued next week.

The Arizona lawsuit seeks to block the purchase of electronic-voting machines that critics say are vulnerable to fraud and prone to inaccurate tabulations. Another complaint is that it is more difficult to recount ballots cast on electronic-voting machines than paper ones. Click here to read the full article in the Wall Street Journal....

New York Times on New Diebold Touch Screen Security Disaster
New from Vendors - Diebold
By Brad Friedman, The Brad Blog May 12, 2006

This article was originally posted on the Brad Blog.

(Welcome Aboard the E-Voting Train Wreck, NY Times!)

At the same moment the Wall Street Journal jumped in, the New York Times finally gets on board the E-Voting Train Wreck with a much better piece, also for tomorrow's edition, covering the latest Diebold touch-screen security vulnerability (which WSJ didn't touch). The one that is now officially rocking the e-vote from coast-to-coast.

The Times coverage basically comes down to E-Voting Security Specialists and Computer Scientists versus Diebold Spokesmen and their Apologists who've put their careers on the line to support these machines after signing off on million dollar contracts for them.

Here's the scientists quoted from the article [emphasis ours]:

"It's the most severe security flaw ever discovered in a voting system," said Michael I. Shamos, a professor of computer science at Carnegie Mellon University who is an examiner of electronic voting systems for Pennsylvania, where the primary is to take place on Tuesday. [ed note: Shamos has been an E-voting proponent in the past, and is the top examiner for the systems in PA]
...
"This is the barn door being wide open, while people were arguing over the lock on the front door," said Douglas W. Jones, a professor of computer science at the University of Iowa, a state where the primary is June 6.
...
Aviel Rubin, a professor of computer science at Johns Hopkins University, did the first in-depth analysis of the security flaws in the source code for Diebold touch-screen machines in 2003. After studying the latest problem, he said: "I almost had a heart attack. The implications of this are pretty astounding."

Diebold's Deliberate Security Vulnerability
New from Vendors - Diebold
Contributed by John Gideon, Information Manager, VoteTrustUSA, Executive Director, VotersUnite.org May 12, 2006

Experts Agree: 'It's the Most Serious Security Breach Ever Discovered in a Voting System"

3 States Issue Mitigation Plans, Georgia Ignores The 'Black Hole'

This article was originally posted at The Brad Blog.

As was expected the corporate media picked-up the latest in Diebold's sordid story -- which we reported first here last Friday -- with articles by Ian Hoffman yesterday and today and even the Associated Press stepped in as well.

Unfortunately the headline of Hoffman's article yesterday characterized the security hole as being a 'glitch'; which this certainly is not. It is also not a 'flaw' as it was characterized by today's Hoffman and AP articles. (Ed note: Hoffman has been very good at reporting on all of these related stories, so we don't wish to be overly critical of him, but rather point out the inaccurate characterization.)

This is a 'feature' that was knowingly installed by Diebold. It was not a mistake or something that was overlooked in the design of the software. It is not a 'bug', 'glitch', 'flaw', 'error in programming' or any other simplistic name. Michael Shamos, a Carnegie Mellon University computer science professor and veteran voting-systems examiner for the state of Pennsylvania has said this:

"It's the most serious security breach that's ever been discovered in a voting system. On this one, the probability of success is extremely high because there's no residue.... Any kind of cursory inspection of the machine would not reveal it."

Johns Hopkins University computer science professor Avi Rubin, who published the first security analysis of Diebold voting software in 2003 had this to say:

"I think it's the most serious thing I've heard to date. Even describing why I think its serious is dangerous. This is something that's so easy to do that if the public were to hear about it, it would raise the risk of someone doing it. ... This is the worst-case scenario, almost."
Read more...

Voting glitch said to be 'dangerous'
New from Vendors - Diebold
By Ian Hoffman, The Argus May 10, 2006

This article was originally published on Inside Bay Area. It is reposted by permission of the author.

Elections officials in several states are scrambling to understand and limit the risk from a "dangerous" security hole found in Diebold Election Systems Inc.'s ATM-like touch-screen voting machines.

The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide.

Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways.

"This one is worse than any of the others I've seen. It's more fundamental," said Douglas Jones, a University of Iowa computer scientist and veteran voting-system examiner for the state of Iowa.

"In the other ones, we've been arguing about the security of the locks on the front door," Jones said. "Now we find that there's no back door. This is the kind of thing where if the states don't get out in front of the hackers, there's a real threat."

The Argus is withholding some details of the vulnerability at the request of several elections officials and scientists, partly because exploiting it is so simple and the tools for doing so are widely available. A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official allowed the expert to examine the machines.

Black Box Voting was to issue two reports today on the security hole, one of limited distribution that explains the vulnerability fully and one for public release that withholds key technical details.

The computer expert, Harri Hursti, quietly sent word of the vulnerability in March to several computer scientists who advise various states on voting systems.

At least two of those scientists verified some or all of Hursti's findings. Several notified their states and requested meetings with Diebold to understand the problem.

The National Association of State Elections Directors, the non-governmental Read more...

Lawsuit Against Arizona Secretary of State to Halt Use, Purchase of Diebold, Sequoia Touchscreens
New from States - Arizona
By Brad Friedman, The BradBlog May 10, 2006

Motion Demands Preliminary Injunction, Alleges E-Machines Are Not Secure, Not Fully Accessible to Disabled Voters
Suit is latest in growing line of similar actions being taken around the country

This article was posted on The Brad Blog. It is reposted here with permission of the author. John Gideon contributed to this report.

A group of Arizona voters have filed a Motion for Preliminary Injunction against Sec. of State Jan Brewer to halt the purchase of electronic touch-screen voting systems in the state made by both Diebold, Inc. and Sequoia Voting Systems.

The voters announced today that the motion was being filed in time to stop the use of the Diebold TSx and Sequoia Edge II systems in the state's upcoming 2006 elections, due to security, verifiability, and disability access problems with these systems.

In addition to the litany of security issues concerning Diebold's TSx, details from the most severe one to date were just revealed publicly last Friday with more chilling details filed in the Oakland Tribune by Ian Hoffman today, the suit also contends the machines, being purchased and implemented in many Arizona counties for the first time this year, are accessible only for a small number of voters with disabilities. Read more...

PA State 'Directive' on New Diebold Security Hole Identical to Diebold's Inadequate 'Notification'
New from States - Pennsylvania
By Brad Friedman, The Brad Blog, May 15, 2006

This article was originally posted at The Brad Blog.

"It is like the nuclear bomb for e-voting systems," said Avi Rubin, computer science professor at Johns Hopkins University. "It's the deal breaker. It really makes the security flaws that we found (in prior years) look trivial."
-- From Security Focus, 5/12/06

Pennsylvania officials warned local election registrars last week about the vulnerability in the mechanism that installs and upgrades software on Diebold equipment. It said the risk of the vulnerability being exploited was "low".
-- From AP, 5/11/06

The first graf above, quoting Rubin, comes from a superb and indepth article by Robert Lemos at Security Focus on the latest Diebold security disaster. We recommend his report for a host of reasons, amongst them; his broad coverage of dozens of the stories we've yelled and screamed about here at The BRAD BLOG over the past several months, but also because he adds loads of details to the latest Diebold mess which is finally being picked up by the mainstream media. Big time. (Here's an eye-popping compilation of scores of articles from just last Wednesday, Thursday and Friday, with many more to come.)

We point to Rubin's quote -- similar to on the record statements from of the other computer scientists and e-voting security professionals familiar with the details of the built-in "feature" in Diebold's touch-screen systems now revealed to be an extraordinary security vulnerability -- by way of contrast to the way both Diebold and the State of Pennsylvania (and subsequently the bulk of the media) reported their characterization of the problem. That would be the second graf of this story in which AP quotes PA officials describing the risk as "low."

From Diebold's Mouth to Your Ears...

We're often asked, by media folks and others, why it is that Election Officials seem to stand by their E-Voting Machines and Vendors, such as Diebold, ES&S and others, instead of holding them accountable and independently verifying their (usually unsupported) claims about the security and reliability of their voting machines -- as Leon County, FL Supervisor of Elections, Ion Sancho and Emery County, UT County Clerk, Bruce Funk, both rare exceptions -- did. Read more...

At It Again: Diebold Ships Uncertified Machines to Florida
New from Vendors - Diebold
By Joan Krawitz May 12, 2006

Before there's time to digest the news that Diebold's touchscreen voting machines come pre-equipped with a wide-open back door, comes the news that they're still shipping uncertified machines -- this time to Florida.

From AP May 12, 2006...

Five Florida counties get uncertified voting machines

ORLANDO, Fla. - Five counties received new touch-screen voting machines that weren't certified for use in Florida because they were upgraded without approval from state officials, officials said.

The Diebold Election Systems machines were delivered in Volusia, Polk, Leon, Putnam and Glades counties with memory, processor, display and other improvements.

More from the Daytona Beach News-Journal...

Touch-screen voting devices not certified

DELAND -- A funny thing happened when Volusia County elections officials fired up their new touch-screen voting machines -- they discovered the equipment wasn't certified by the state.

Diebold Election System shipped upgraded models -- 210 of them -- not yet verified by the Florida Division of Elections.

Do you think it's time that Diebold suffered some serious consequences for the clear and present danger their products present to the security and integrity of our elections?

...CONTACT...
United States Election Assistance Commission
1225 New York Avenue N.W., Suite - 1100
Washington, DC 20005

Telephone: (202) 566-3100
Toll Free: (866) 747-1471
Fax: (202) 566-3127
E-mail Address: HAVAinfo@eac.gov

Texas: ES&S "Vendor Bender" in Wichita Falls Election
New from Vendors - Election Systems and Software (ES&S)
By Joan Krawitz May 14, 2006

While new revelations about the insecurity of Diebold touchscreen voting machines hit the national media this week, ES&S continues to pile up a record of unkept promises in counties across the country.

In Texas, the Times Record News reports what it calls a "vendor bender" as the Wichita Falls City clerk blames ES&S for Election Day difficulties .

"And according to City Clerk Lydia Ozuna the blame rests firmly on the shoulders of Election Systems and Software, the county's election vendor.

Election results in the joint election were delayed until 11 p.m. Saturday because of problems involved with using two forms of ballot technology, Ozuna said.

...
Early voting began with paper ballots. The backdated form of voting was required because ES&S did not supply the information necessary to program electronic voting machines.

The machines were used in the last two days of early voting and on Election Day.

...
All problems originated at ES&S, Ozuna said.

Paper ballot returns had to be manually entered into a computer to obtain the total results from early voting and Election Day. Ozuna said the process was very time consuming and complicated.

...
If ES&S had provided optical scan ballots - similar to Scantrons - these problems could have been avoided, she said.

"Zoom, zoom. It would've been done," she said.

Besides a delay in ballot counting, Ozuna said she had received calls about difficulties with the electronic voting machines. Poll workers called in saying the machines were not working properly.

ES&S Meltdown: West Virgina Files Formal Complaint with Feds
New from Vendors - Election Systems and Software (ES&S)
Contributed by John Gideon, Information Manager,VoteTrustUSA & Exec. Director VotersUnite.org May 10, 2006

Sec. of State, Formerly an ES&S Supporter, 'More than Upset About Broken Promises' by Country's Largest E-Voting Company

Just hours ago Betty Ireland, the Secretary of State of West Virginia filed a formal complaint against ES&S with the federal Elections Assistance Commission. A story in the State Journal quotes Secretary Ireland:

"I am more than upset that or county clerks and their staffs and county commissions had to withstand stress and anxiety over the broken promises and delays ES&S put them through".

"And, Ireland says, now that the election is over, strategy talks about the problems with Election Systems and Software will begin...but, "We will not and cannot discuss publicly our legal strategy. As before, we continue to work with the Attorney General's Office to address our options"."

"The state's selection committee chose ES&S because of it's past service in the state and it's knowledge of West Virginia election deadlines and procedures. Ireland says, "Unfortunately, we now feel ES&S let West Virginia down"."

There have been failures all over the state. A small sampling of problems gives us:

Taylor County's votes could not be counted last night because the main computer would not read tabulators from individual voting machines.

Upshur County's counter was in such bad shape that as of midnight the county was trying to get a similar machine from a neighboring county

Mineral County's optical scan ballot counter was producing skewed results

Ohio County could not count about 800 absentee votes because it was not given the equipment to do so

- and Ð

Clay, Gilmer, Greenbrier, Putnam, McDowell and Webster that all violated provisions of the Help America Vote Act of 2002 when they were not able provide any voting machines for their voters with disabilities.

New Jersey: Sequoia and Essex County-The Outrage Continues
New from States - New Jersey
By Katherine Joyce, New Jersey DFA May 11, 2006

Why did Essex County this week approve emergency funds to pay Sequoia Pacific an additional $120,000 to remedy a problem Sequoia itself caused by failing to meet contractual obligations? This is a question Essex County's ad hoc Task Force on Voting has been asking itself all day.

The Task Force began the struggle against the purchase of Sequoia Advantage DRE voting machines a full year ago. After succeeding in delaying approval of the county's contract with Sequoia from May 2005 through November (cynics may wish to note the contract was approved at the first Freeholder meeting after election day), the fight seemed lost.

All of the information provided to Freeholders and the Election Superintendent in Essex pointed to a number of important facts about these new machines: Read more...

~~~~~~~~~~~~
Election Integrity News Editor: Warren Stewart
VoteTrustUSA Statement of Principles
Please forward Election Integrity News to your friends!