Black Box Voting: A beginner's summary -- Now you, too can get involved! [View All]

Many at DU have not yet become familiar with the issue, because it has many facets, some of which are technical. DU has been an excellent sounding board for this investigation, but if you jump in late it can be confusing.

Perhaps now is a good time to do a beginner's summary. Please weigh in with your thoughts.

1. Secrecy: What has always been a transparent process, subjected to many eyes and belonging to all of us, has very recently become secretive and proprietary. This happened when voting systems, which should be considered part of the "public commons" were turned over to private companies. These companies now assert that the process underlying the vote must be held secret from the voters.

- No voter, no citizens group, not even any academic group of experts is allowed to examine a voting machine.

- Likewise, citizens, academics and voters are not allowed to examine the software that tells the computer how to count and tally the votes.

- In addition, the process of voter registration is now going to private, proprietary and secret software.

2. Ownership: When a system that belongs to the public becomes secret, it becomes doubly important to make sure we can completely trust those who run it. Because voting systems have recently become proprietary secrets, we began to ask whether we can trust those who run these companies.

- Voting machine companies are not required to tell us who owns them.

- Several voting machine companies have been as secretive about ownership as they are about their voting systems.

- Two of the top six firms have been foreign-owned: Election.com, owned by the Saudis until an acquisition by Accenture a few weeks ago, and Sequoia, now owned by DeLaRue (Great Britain) formerly owned by Jefferson Smurfit (Ireland).

- Three of the top six firms have owners and/or directors who represent vested interests:

--- Election Systems & Software, the largest company. Main owner is a company owned by Senator Chuck Hagel's campaign finance director, Michael McCarthy. Hagel has owned shares in both the voting company itself and in the parent company run by his campaign finance director, and Hagel was the CEO and Chairman of the voting machine company while it built the machines that counted his votes.

--- Diebold, the second voting machine largest company. CEO is Wally O'Dell, who recently visited George W. Bush at his Crawford ranch along with an elite group of Bush supporters called the "Rangers" (formerly called the "Pioneers") where they set strategy on how to help him win the next election. Days later, he penned a letter to Ohio Republicans promising to help "deliver the votes" for Bush. O'Dell sponsored a $600,000 fund raiser for Dick Cheney in July. Diebold director W.H. Timken is also a Bush Pioneer/Ranger

--- VoteHere, the company striving to get its cryptography software into all the other companies' machines (already has a contract with Sequoia), has as its Chairman a close Cheney supporter and member of the Defense Policy Board, Admiral Bill Owens. The SAIC, an "independent" firm doing an evaluation of Diebold security for the states of Maryland and Ohio, has Owens as it's Vice Chairman. Former CIA director Robert Gates, who heads the George Bush School of Business, is also a director.

- Voting companies also have a somewhat incestuous group of key players -- Todd Urosevich and Bob Urosevich founded ES&S, but Todd now is an executive with ES&S while Bob is president of Diebold Election Systems. Sequoia and ES&S share software and optical scan machines.

3. Disabling the safeguards: Voting systems have always had people trying to rig them, with varying degrees of success. Here is what has changed:

- The scale of potential vote-rigging has suddenly grown much bigger: Whereas it used to be that one had to run around bribing someone to shave the wheel on each lever machine, or collect up ballot boxes, stuff them in a trunk and do something dastardly, nowadays a programmer can, essentially invisibly, create a back door into the vote system for millions of votes at once. Whereas vote-rigging has always required physical access before, modems and wireless communications devices now open up possibilities for remote vote rigging that no one can observe.

- The audit trail is being taken away: An audit is simply the act of comparing two independent data sets that are supposed to match. Probably the most important understory to the voting issue right now is this: The voting industry is spending literally millions of dollars, and going through amazing feats of contorted logic that can best be described as marketing gymnastics, to convince us that we should discontinue proper auditing. The key words here are INDEPENDENT sources of data which should be compared. Instead, they want us to eliminate the ballot which you verify, and trust the secret system sold to us by manufacturers, without the ability to audit it using any independent means.

Even with the optical scan machines, which retain a paper ballot, states are now passing laws to prevent us from looking at the paper ballot to use it for a proper audit.

- Methods of access are changing: One key to election security is to reduce physical access to the votes. We've done this in various ways before; the typical attack point was always in the transfer of the votes from polling places to the county office. For this reason, the most secure paper ballot systems, in places like Canada, France, and Germany, require counting right there at the polling place. That also gives another security function: the "many eyes" method of security.

Computer technology can allow people to gain access using remote methods. Right now, you are reading this on the Internet. You have remote access to the forum at Democratic Underground. Imagine if the wrong people can gain remote access to view the votes as they come in. It would be much worse, if remote access allows them to write data into the vote system.

- Programmer access: One thing we've never had until we got electronic vote-counting (which includes touch screens and optical scan machines, and punch card tabulation as well), is software programming errors. A lever machine can be tampered with, but you don't have any software programming errors with it. Incorrect software programming has now been identified in at least 112 elections, often flipping the race to the wrong candidate, even when the election was not close.

No one knows how many elections have actually been misprogrammed, and as we remove the paper ballots, no one will ever know. We do know that incorrect programming producing errors as high as 25 percent is not uncommon, and software programming errors have been documented as high as 100 percent, and in one small Iowa county, a single machine miscounted by 3 million votes.

Incorrect software programming can take two forms: Accidental or deliberate. Either one takes away our right to have our vote counted as we cast it.

4. Secret certification and testing, which gives a passing grade to flaws -- The whole reason we are supposed to accept secret software and secret ownership is that, we're told, these systems go through extensive and rigorous certification and testing. However, this turns out not to be the case.

First of all, the certification officials refuse to say what tests they do, even when sent official questions by the California Task Force on Electronic Voting, which includes Dr. David Dill and other experts. We are told we cannot ask them any questions, and all questions must be asked of R. Doug Lewis.

Second, this person named R. Doug Lewis, who is unelected (no one quite know what his credentials are or who hired him) -- well he refuses to answer questions either.

Third, the testing that supposedly takes place at the state level quickly falls apart. It turns out that the states generally do not look at the secret programs at all; they simply ask some routine questions ("Can you vote more than once? How hard is it to set up?") and the states do a "logic & accuracy test" in which they set the machine to "test" mode, put in some test ballots, and if it counts right, they call it good. This will not detect fraud, and has proven to miss huge software programming errors quite often, but everybody feels good when they say "we do an l&a test and you, too, can watch."

====================================

What's the big deal with Diebold?

We have no reason to believe that any of the other secret, proprietary systems are any better than Diebold. The reason that Diebold has come under such scrutiny is that, for the first time ever, citizens have gotten the opportunity to examine one of these secret systems.

The reason we've been able to examine the Diebold system is that they left 40,000 files on an unprotected web site. Why did they do this? You'd have to ask Diebold.

- At first, they said that no one used those files and people didn't download files from that site and put them on voting machines.

- Then they said that maybe people used them but it was a few files and they were years old. (When they said this, the most recent file had been put on that site just 12 days earlier.)

- Then they said that some of the material was used, but it was over a year old.

- Now they are admitting that it was a huge security mistake.

What has the examination of Diebold revealed so far?

- Rob-Georgia and unexamined patches: With so many files, it was hard to know where to start. However, within 15 minutes we knew there was a problem: On the web site was a file called "rob-georgia.zip" which instructed the user to replace voting machine files with new ones.

While some on this list have contended that putting replacement files on voting machines without certifying the changes is legal, I now have my hands on an internal Diebold document that shows they were aware that making any modifications without going through certification again was illegal in Georgia. Because we now know that all 22,000 machines in Georgia were given program updates taken off the unprotected web site, not once, but several times, and that no one certified any of these, we contend that Diebold broke the law.

- Overwriteable passwords and easy to fake audit logs: We have now shown that it is easy to substitute your own password for the administrator password, and although an "audit log" is supposed to document every event, you can easily change it.

- Sloppy software programming and incorrect encryption A report by Johns Hopkins and Rice University computer security experts shows that the software is riddled with flaws. One of the four researchers was later shown to have a conflict of interest, but the flaws the four programmers identified have also been identified by others -- in fact, right here at DU, weeks before they published that report!

One of the flaws they identified has been confirmed by many people: At the polling place, everyone uses the same supervisor password, which is 1,1,1,1. They all use the same one because someone hard-wired it into the code and the election officials can't change it! One voting machine examiner was livid when he saw this; he had identified the same flaw five years ago and ordered them to fix it, but they didn't.

- Weak physical security and questionable practices regarding remote access Recently a file was found which shows that mid-day tallies were collected in San Luis Obispo County. It is illegal to show a tally before the polls close, but this tally was placed on the Diebold web site. Why it was there at all has not been satisfactorily answered. It seems likely that it was placed there on election day, since the file was tagged with the name "sophia" and a Diebold employee named Sophia was present on election day, but returned to Canada afterward.

In this case, the county elections official swear they did not put the file there, that no one but them was allowed access to the only computer that could produce this report, and that they did not authorize Sophia to put the file there. Sophia also denies that she put it on the web site. The fact remains, somehow a file was removed from the county computer and placed on a Diebold web site, apparently on election day; it contained mid-election tallies and no one will admit who put it there. So much for bulletproof security surrounding the computers.

===========================

Where do we go from here?

1. Certification: Now we are working on getting documentation as to whether the systems used in the last general election were certified at all. If not, we contend that the companies that used uncertified systems should be barred from bidding on new contracts, and the officials who allowed them to be used should be held accountable.

2. Legislation: HB 2239, by Rush Holt, is a good thing to get behind. It requires voter-verified paper ballots, eliminates remote access mechanisms like modems and wireless cards, and requires using the paper ballots for proper auditing. But watch out. Another bill, 2289 (? doing this from memory, is this the right number?) appears to do the right thing, but actually does the wrong thing.

Watch wording carefully when you push for these bills -- do everything you can to pass 2239, but the other actually does an end run around paper ballots. There is a movement by VoteHere, the manufacturer with tight connections to the defense industry, to shift away from paper ballots in favor of cryptography. That is not a sufficiently transparent or trustworthy system, in my opinion.

Okay, so there's the primer. Hope this doesn't bore anyone, but I keep seeing people saying they've gotten confused. Hope this was helpful. Feel free to print it and adjust it if needed.

You can find more information at http://www.blackboxvoting.org.

Bev Harris