BBV: Harris Report calls software certification process into question

Gordon25 Donating Member (246 posts) Sat Aug-09-03 03:52 PM
Original message
BBV: Harris Report calls software certification process into question
There are some implications of the Bev Harris Report exposing the gaping security holes in Diebold, Inc.’s GEMS vote collecting and counting software, which seem to me not to have been discussed here in much depth. I believe they are perhaps more important ultimately than the actual software flaws discovered. They are implications related to the certification process which election systems have to go through before they can be adopted into use.

The way the certification process works at the moment goes like this. The company making the system pays a fee to the ITA(s) to certify their system. Here we have an inherent conflict of interest.

Once the ITA has certified the system, its name is added to a list kept by the National Association of State Election Directors (NASED) which establishes the standards the systems have to meet. From that list of certified systems, each separate Secretary of State chooses the systems they will in turn “certify” for use in their state. From that state list, counties choose which system to purchase.

There are currently two ITAs which handle most of the certification; Wylie Labs which certifies only the hardware and firmware; and Ciber, Inc. which certifies only software.

Ciber, Inc. is the only company in existence willing to certify software since the court decision making the software source code a trade secret. Ciber, Inc. claims the means it uses to test the software to ensure it meets NASED standards are trade secrets. Therefore, not only can we not see the code ourselves, we are not even allowed to know how the software is tested to be certified.

The Rubin and Harris reports, aside from raising serious questions about the software, also raise extremely serious questions about the certification process. Diebold, Inc., and Ciber, Inc. have essentially just been saying trust us. The code meets certification standards because we say it does. Now, with these two reports, we find security flaws in the source code so egregious as to defy explanation.

One example. In the Harris report one of its most shocking findings was that the GEMS vote counting software had within it an extraneous utility program, unrelated to vote counting, which allowed the time/date stamp audit trail to be altered without leaving a trace. The audit trail, required by even simple basic programming security protocol, automatically records with a time/date stamp every entry into program or data files, and any changes made. This audit trail is touted by Diebold as the safety feature which can assure election officials the system is safe and untampered with. The inclusion of a program which allows alteration of that audit trail, and erasure of any evidence of the alteration, cannot be explained away as programming negligence or sloppy security. Its presence is a huge red flag, and could understandably be seen as circumstantial evidence of an intent to defraud.

Perhaps more importantly, Ciber, Inc. is on record as saying that their certification process entails a line by line examination of the source code. If that was done, how is it possible they did not find this audit trail alteration utility program and demand its removal before certification?

Again, this is a failure of such magnitude it cannot be explained away as negligence or sloppy code examination. Such an explanation is tantamount to an admission that the company is not fit to be a certifier of something as terribly important as the software used to count our votes.

By the way, in other threads I have asked some of the naysayers to Bev's work about this particular code, but they all chose to avoid responding. I'm not surprised. I've done a lot of writing and I'd be hard put to come up with an innocuous explanation for either the code's presence or the certification process's failure to catch it.


Gordon25
nadinbrzezinski Donating Member (1000+ posts) Sat Aug-09-03 04:08 PM
Response to Original message
1. Well I have been spreading her work
as soon as she posts it to some mail lists I subscribe to.

One member showed the material to security experts at a company he works for; let's just say they were all very shocked. Indeed so shocked that from what I understand they have sent public comments to the Secretary of State of that particular state. I am just trying to keep the company and state in question under wraps to protect the people... but let's just say they were very shocked at the obvious doors, and as they said, it just makes them wonder about less obvious trap doors.

:mad:

RedEagle Donating Member (1000+ posts) Sat Aug-09-03 04:40 PM
Response to Reply #1
3. Keeping the Process Under Wraps
So, if no one can examine how the code is written or really works, and that code is part of the vote counting process, doesn't that create a secret vote count, something Lynn Landes has been trying to explain?

That would make one person in the entire country the arbiter of elections in every state and county that uses a computerized program in one way or another.

I think it's time for a Congressional and concurrent independent investigation of this whole process.

At the same time, we may want to review the HAVA Act, which seems to tie audits not to the actual ballots, but to records of the ballot. In other words, not an audit of evidence at all.

Is there something unconstitutional about that?

Visit: http://www.libertywhistle.us/ for some thoughts on that. This is a work in progress, so please bear with us; some of the information may seem a little confusing and some of us are hashing it out. Like, who changed Ensign's amendment, because what was introduced in session on that day is not what was passed, that was a MODIFIED amendment.

But the HAVA Act and the legislative changes taking place at some state levels, with help from The Election Center, all seem to skew towards invalidating the actual ballot over a record.

That's nice if you want to amend something. Also nice if you want to go to electronic voting without actual, tangible, voter-verified evidence.

Are The Election Center, NASED, (parts of it) and the HAVA Act working together to thwart accountable elections?

Is there a money trail there to follow?

Thinking out loud, on line here.

:shrug: :shrug: :shrug:

punpirate Donating Member (1000+ posts) Sat Aug-09-03 07:25 PM
Response to Reply #3
18. As for Ensign's amendment...
... it looked as if the changes were made by Mitch McConnell. That can be found through the Thomas locator.

As for the money trail, we pounded on that for weeks, in late spring, looked at The Election Center's Form 990, the links between all the parties, to the extent possible, and pretty much exhausted what was in the public record. Even thought about chipping in for some private investigator time.

But, ultimately, without evidence of wrongdoing, it's hard to get the gov't interested, and the press hasn't devoted any serious investigative work to the subject, either.

Does the current situation pass the smell test? Nope. Too much secrecy, too many incestuous relationships.

Cheers.


Gordon25 Donating Member (246 posts) Sat Aug-09-03 07:55 PM
Response to Reply #18
19. The Octopus's Garden is rockin and rollin
Luckily we have the Harris report, with the audit trail alteration utility I detailed above, which is starting to be seen by some public officials here, at least, as circumstantial evidence of possible wrongdoing. If, as I have heard rumored, the next big story to break is the presence of code to allow anonymous remote access, there will be a lot more officials a lot more convinced, and the calls for investigation will definitely begin to be heard in official government circles here.

Our Democratic Governor vetoed HAVA when the Repub dominated legislature passed it because ultra right wingers had attached an amendment requiring two pieces of picture id at the polls before you could vote. That means no federal funds for the HAVA mandated upgrades. With the current state budget crisis, the 53 million dollar HAVA appropriation is a big budget item and the idea of being seen as a hero for preventing the waste of so much Arizona taxpayer money on a faulty and untrustworthy system seems to be appealing to intelligent state politicians on both sides of the aisle.

Remember the tidal wave. You don't see it until it hits the beach, and then it's way too late to escape its force.

The Octopus's Garden is rockin and rollin.

Gordon25


bpilgrim Donating Member (1000+ posts) Sat Aug-09-03 04:31 PM
Response to Original message
2. the process is a key part that needs exposure as well
it is also another reason why it should be open source.

has one started up yet? if not we should start one up ourselves.

peace

bpilgrim Donating Member (1000+ posts) Sat Aug-09-03 06:00 PM
Response to Reply #2
9. Bev, DemActivist
anyone know if there is an open source alternative underway yet?

anyone got a link?

thanks in advance :toast:

peace

DEMActivist Donating Member (1000+ posts) Sat Aug-09-03 07:02 PM
Response to Reply #9
12. not a clue
we're just concentrating on trying to keep the Diebold code in the public eye.

The open source stuff is going to have to depend on someone other than us.

bpilgrim Donating Member (1000+ posts) Sat Aug-09-03 07:15 PM
Response to Reply #12
15. something yall should link to though
if it exists and possibly promote as an alternative.

folks like hearing about alternatives once a problem has been pointed out.

:hi:

peace

DEMActivist Donating Member (1000+ posts) Sat Aug-09-03 07:18 PM
Response to Reply #15
17. Start it, find it, send it....
and we'll be happy to link to it.

punpirate Donating Member (1000+ posts) Sat Aug-09-03 07:03 PM
Response to Reply #9
13. Yes...
... AccuPoll seems to be doing it right--they meet the HAVA requirements, provide a printed ballot and use open source code. When I asked them what they supplied to the ITA, they said it was straight out of the box Red Hat Linux and their own code written for that, and that they supplied it all in open source.

So, there's one, and another Bev has identified, but I've forgotten their name.

There are alternatives available, but they seem to be getting crowded out by the bigger names in the industry. Diebold and ES&S have some considerable lobbying power (yet another problem).

Cheers.

bpilgrim Donating Member (1000+ posts) Sat Aug-09-03 07:14 PM
Response to Reply #13
14. these folks... http://www.accupoll.com
http://www.accupoll.com

they don't have their source code there but i like what they are saying on their website, sparse as it may be.

peace

RedEagle Donating Member (1000+ posts) Sun Aug-10-03 02:58 PM
Response to Reply #14
22. But Even Accupoll has a curious connection...
I don't remember the name of the company they partnered with to promote their system, but on its board of directors or advisory board is James Baker.

I thought that extremely curious, because Accupoll is one of the few doing everything about as right as it gets.

I've also been told that companies will put just about any "name" they can get on a BOD or advisory board, just for the name appeal.

So far, it would seem Baker's not involved in Accupoll promotion. Unless Accupoll finds itself not getting the best promotion....

I'd assume this connection is innocent, because Accupoll's system fits the "What's not to like?" category.

punpirate Donating Member (1000+ posts) Sat Aug-09-03 04:47 PM
Response to Original message
4. You've come in a bit late...
... which explains your concerns above, so I'll briefly fill you in. This issue was covered extensively in the spring--lots and lots of people with questions and comments on this very subject. Wyle (not Wylie, as it's frequently misspelled in the press) does handle the certification for hardware and firmware, but their certification tests are limited to repetition testing--they devise routines to test functionality and run those tests over many cycles.

The much more curious aspect is Ciber. It is only the latest of several companies to successively do software testing, each one with the same director, a fellow whose name you likely know, Shawn Southworth. As Bev has described frequently, the ITA, in this case, Ciber, does not answer questions directly about its testing processes, and refers all questions to The Election Center. R. Doug Lewis, at The Election Center, then only answers those questions he chooses to answer.

No one really knows the background of these two principals in the process, or their qualifications. R. Doug Lewis' background is known only to the extent of his press releases from The Election Center.

This organizational arrangement has therefore created a tremendous amount of secrecy surrounding the certification process.

There is another certified ITA, SysTest, in Colorado, and they are certified to test both hardware and software, but they seem to not be getting much voting equipment certification work. The suspicion drawn from that is that R. Doug Lewis is shunting certification work predominantly to Wyle and Ciber, for reasons which are unknown at this time.

You might go to the old forum archive and do a search for those individuals' names--you will find that it was a hot topic two or three months ago.

Cheers.

Jim March Donating Member (14 posts) Sat Aug-09-03 05:00 PM
Response to Reply #4
5. The issue is heating up again...
See also this thread:

http://www.democraticunderground.com/discuss/duboard.php?az=show_mesg&forum=104&topic_id=132675&mesg_id=132675

A major push is on now to prove that the allegations Harris made regarding GEMS are both correct, and are problems that can actually be seen "in the field". The Libertarian Party of Georgia has a public records request going in that state; I'm doing the same in Alameda County California (see also my PRAR in my tagline, and the entries in the thread above for details).


punpirate Donating Member (1000+ posts) Sat Aug-09-03 05:09 PM
Response to Reply #5
6. Yeah, I've been checking that thread...
... once in a while. The perception of public officials is that they are stodgy and unimaginative and bureaucratic, so it's often a treat to see how much creativity they apply in not answering public records requests. *smile*

Cheers.

Gordon25 Donating Member (246 posts) Sat Aug-09-03 05:56 PM
Response to Reply #4
7. Thanks for the fill in
You're right, I have come into this forum only recently. I really appreciate the data on past discussions, and it is good to know there is another ITA who can test and certify software. Any retests of Diebold software for recertification, or tests for certification of new alterations in the program, should obviously not be done by Ciber.

Do we know enough about SysTest for me to safely recommend them to the legislators I am working with on election law reform as an alternative to Ciber?

Final question, do you know if anyone is actively pursuing the idea of U.S. Congressional hearings on the whole certification process including NASED and their relationships with Ciber and other ITAs?

Gordon25



punpirate Donating Member (1000+ posts) Sat Aug-09-03 06:47 PM
Response to Reply #7
10. Others can answer the question of SysTest...
... better than I. What I did find of them were company email addresses for two of the people doing voting equipment testing, something not available from Ciber, IIRC. One of the people at SysTest also publishes scholarly papers on software, which would indicate that their backgrounds are more readily available.

I, and I'm sure many others, would hope that the certification process would come up in hearings on Rush Holt's bill, but it's currently stuck in the House Committee on House Administration, according to the Thomas locator. It would be an appropriate venue to explore the subject.

Cheers.

bpilgrim Donating Member (1000+ posts) Sat Aug-09-03 05:58 PM
Response to Reply #4
8. it's the same point
Edited on Sat Aug-09-03 06:01 PM by bpilgrim
in general though - the big picture, in a nutshell - and it needs to be made OVER and OVER again...

the certification process needs to be opened up, it is way too secretive today.

that is not old news... that is what we are dealing with TODAY

psst... pass the word ;->

peace

punpirate Donating Member (1000+ posts) Sat Aug-09-03 06:55 PM
Response to Reply #8
11. Didn't mean to suggest it was old news...
... meant only to say that the subject had been gone over in some detail in the past, before Gordon25 arrived.

It is, of course, a continuing problem, greatly interrelated with the proprietary claims of the voting equipment manufacturers, of the general obscuration of the purchasing decisions made by the states, etc.

There are limits to how much sunlight one can bring to the subject via the internet, and getting the Feds interested in an investigation, as far as I know, hasn't been successful.

Bev can answer this better, but I would guess that her book will go into the curious relationship of The Election Center, the ITAs and the manufacturers at some length.

Cheers.

bpilgrim Donating Member (1000+ posts) Sat Aug-09-03 07:18 PM
Response to Reply #11
16. right on
i don't expect all the secrets to come to light without a court order and even still there will remain some.

but we certainly have enough to convince reasonable people that the process needs to be changed.

now it is about getting that message out.

:hi:

peace

BevHarris Donating Member (1000+ posts) Sat Aug-09-03 07:59 PM
Response to Original message
20. About the changing of dates
Edited on Sat Aug-09-03 08:03 PM by BevHarris
After writing that report, I tested the PE Explorer software, and could not get it to alter dates of anything but executables (in other words, couldn't see how it would be used to alter dates of the Access databases, but could get it to alter the dates of GEMS.exe and the .dll files).

I am unsure of the extent to which it is used, but I'm still concerned about the date changing. Within the audit log itself (the safeguard most touted by Brit Williams) changing the date is as simple as retyping it. We also know that some files have had their date-stamps altered, and these are not executables. Perhaps they used the date-stamp changer and figured out a way to make it work on the non-executable files, or perhaps they altered the date on their computer to make it date-stamp for a later date, but we do have records of files that are documentably changed.

In the updated article (http://www.blackboxvoting.org/access-diebold.htm) I removed the description of the date stamp changer because I haven't had time to play around with it. It changes date stamp on executables; they changed date-stamp on non-executables; I'm not sure of the method they used, so I corrected the article to be on the safe side.

There are many date discrepancies, some of which are clearly changes in the date-stamp, but some I really can't figure out. In the source code, you also see some discrepancies on dates as compared with changes, and you also see some oddities in the Access audit log. Can't do everything; I gave up looking at date-stamping and methods, and took the thing out of the report until later.

Bev
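Gordon25's description of the time/date-stamp audit trail earlier in the thread, and Bev's note just above that within the audit log "changing the date is as simple as retyping it", both come down to the same design weakness: a log whose records can be edited in place proves nothing, and no amount of line-by-line certification changes that. The following is an added example, not code from the thread, from Diebold, GEMS or any other party discussed here; it makes no assumptions about how GEMS stores its audit log. It shows the defensive alternative: each audit entry carries a SHA-256 digest that covers the previous entry's digest, so a retyped timestamp breaks the chain, and the final ("head") digest is handed to someone outside the system so that even a wholesale rewrite of the chain is caught. The event names and timestamps are constructed for the demonstration.

```python
"""Tamper-evident audit log: a hash chain that makes retyped timestamps detectable.

Added example; not code from any voting system or from the report discussed.
"""
import hashlib
import json

GENESIS = "0" * 64  # digest that the first entry links back to

# Constructed sample events (not taken from any real audit log).
SAMPLE_EVENTS = [
    ("2002-11-05T19:02:11Z", "open election database"),
    ("2002-11-05T19:05:47Z", "upload precinct 12 results"),
    ("2002-11-05T19:06:30Z", "edit candidate totals"),
]


def entry_digest(seq, timestamp, action, prev_hash):
    """SHA-256 over a canonical JSON form of one entry plus the previous digest."""
    payload = json.dumps(
        {"seq": seq, "ts": timestamp, "action": action, "prev": prev_hash},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


class ChainedAuditLog:
    """Append-only log where every entry commits to everything before it."""

    def __init__(self):
        self.entries = []

    def append(self, timestamp, action):
        prev = self.head()
        seq = len(self.entries)
        entry = {"seq": seq, "ts": timestamp, "action": action, "prev": prev}
        entry["hash"] = entry_digest(seq, timestamp, action, prev)
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        """Digest of the newest entry; this is what gets anchored externally."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify(self, expected_head=None):
        """Return (ok, first_bad_seq). Recomputes every digest and every link.

        If expected_head (an externally stored copy of head()) is given and
        the chain does not end in it, the failure is reported at seq ==
        len(entries), i.e. "the head does not match the anchor".
        """
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev:
                return False, e["seq"]
            if entry_digest(e["seq"], e["ts"], e["action"], e["prev"]) != e["hash"]:
                return False, e["seq"]
            prev = e["hash"]
        if expected_head is not None and prev != expected_head:
            return False, len(self.entries)
        return True, None


def build_sample_log():
    log = ChainedAuditLog()
    for ts, action in SAMPLE_EVENTS:
        log.append(ts, action)
    return log


def retype_timestamp(log, seq, new_ts):
    """Simulate the 'just retype it' edit: only the stored timestamp changes."""
    log.entries[seq]["ts"] = new_ts


def recompute_chain(log):
    """Recompute every digest in place, as a complete rewrite of the log would.

    This is why verify() alone is not enough: the chain is self-consistent
    again afterwards, and only the externally held head digest exposes it.
    """
    prev = GENESIS
    for e in log.entries:
        e["prev"] = prev
        e["hash"] = entry_digest(e["seq"], e["ts"], e["action"], prev)
        prev = e["hash"]


if __name__ == "__main__":
    log = build_sample_log()
    anchor = log.head()  # give this to the county clerk / observers
    print("fresh log:", log.verify(anchor))
    retype_timestamp(log, 1, "2002-11-05T18:00:00Z")
    print("after retyping one timestamp:", log.verify())
    recompute_chain(log)
    print("after full rewrite, chain only:", log.verify())
    print("after full rewrite, against anchor:", log.verify(anchor))
```

The two checks matter in combination: an internal chain catches the casual in-place edit that Bev describes, and the externally published head digest catches the case where whoever edits the log also has the ability to regenerate it. Printing the head digest on the end-of-night results tape, or mailing it to the parties' observers, is the cheap version of that anchor.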
 
TinfoilHatProgrammer Donating Member (379 posts) Sun Aug-10-03 03:36 PM
Response to Reply #20
23. way to go, bev
So you lied in public yet again. Amazing. :thumbsup:

I'm going to do you the honor of dubbing this the "Harris Technique". Post something unfounded over and over again until it's accepted as meme and then quietly retract it later. It's really pretty shoddy, it makes me wonder where you studied journalism.

I can't wait for the explosive expose (and inevitable retraction) you've been promising on the secret unauthenticated backdoor access that Diebold (allegedly) inserted into Windows code. :eyes:

JC

Eloriel Donating Member (1000+ posts) Sun Aug-10-03 12:50 AM
Response to Original message
21. Kick
:kick:

Eloriel

Philosophy Donating Member (1000+ posts) Sun Aug-10-03 03:41 PM
Response to Original message
24. Bev should start her own certification company
I'm totally serious. If this issue keeps getting more and more press, that is the next logical step. People won't be able to trust anyone but Bev.

Robbien Donating Member (1000+ posts) Sun Aug-10-03 04:35 PM
Response to Original message
25. An interesting article in the LA Indymedia
http://la.indymedia.org/news/2003/08/75778.php

Someone is using satire to mock up an ad:

Diebold Voting Machines: We Guarantee the Outcome

In the November 2002 election, heavily favored Democrat Roy Barnes outspent his Republican opponent, Sonny Perdue, six to one. Diebold's AccuVote, with its patented paperless, virtually unauditable system, helped Perdue pull an upset victory and become the first Republican governor of Georgia in 130 years. If you're an underdog and a Republican, let us do the same thing for you.

Then a nice big picture of Sonny Perdue.