Comments of a Florida based professional software engineer regarding HBO's "Hacking Democracy"

Hello Friends:

My name is Douglas De Clue and I live in Orange County Florida where I work
as an automated test equipment (ATE) engineer writing software that performs
data acquisition, hardware control, communications/networking, and hardware
testing.

I have been doing this sort of work since approximately 1996 in a succession
of companies around the country as a contracting engineer.

In many aspects these tasks are very similar to the tasks performed by
automated voting equipment such as that produced by DieBold, ESS, and
others.

I have also worked in the past as a software test engineer where the purpose
was to test the behavior of software against specifications for FDA safety
testing of hemodialysis machines.

I am 40 years old, hold a Bachelor of Aerospace Engineering degree from
Georgia Tech since 1989 and have been programming computers since I was 12
years old in 1978 and have been writing software academically since the 1985
and professionally since 1992 when I began working as an engineer.

Since 2004 I have been heavily involved in voter database issues here in
Orange County where I have provided substantial volunteer I/T support to the
Orange County Democratic Party and to a variety of Democratic candidates for
office in the 2004 and 2006 elections including the Kerry campaign, the Rod
Smith campaign for Governor, and several other candidates so I also have a
substantial background in campaigns and voter database issues.

I am currently also a precinct committeeman for the Democratic Party here in
Orange County Florida.

During the 2000 elections, I was not active in the party but I DID reside in
Broward County Florida at the time and became painfully aware of the vote
counting issues of that election. (So called "butterfly ballot" or
Hollerith card voting has obvious verifiability issues as we saw in that
election and we should not return to such Hollerith card systems.)

Because I reside in Orange County, I have had the opportunity to actually
meet Clint Curtis on several occasions (who claims that the GOP once tried
to hire him to write software to hack the vote), who was a candidate who ran
for the United States Congress, 24th Florida Congressional District in this
2006 election almost entirely on the issue of vote verification.

I also met one of the women working with BlackBox who appeared in the
documentary that aired on HBO last night entitled "Hacking Democracy" from
Volusia County this year at a local DFA meeting.

Having said all of this let me now comment on what I observed in last
night's airing of the HBO doumentary "Hacking Democracy":

1) This documentary ironically aired after one of the largest political
landslide elections in recent decades when it was apparent for several
months that the Republican Party in power was headed for imminent and
overwhelming defeat. If votes were going to be stolen, this would have been
the election to do it. The Republicans knew they were going to lose badly
for at least 2 months.

What happened? Did all the vote stealers go on vacation this time?

Why didn't the GOP put the fix in? Even if they did not feel they could
outright steal the entire election, why didn't they pick a few of the closer
races, at least in the Senate, to steal? There were clearly several very
close races in Montana and Virginia after all where if they were going to
steal the election they could have tinkered with these races in very
marginal ways to win them.

Based on this election, I don't believe the vote was actually stolen in 2000
or 2004 using technical hacking means but rather through the Republican
party simply doing a better job of mechanically turning out their base
voters than the Democratic Party in combination with old fashioned voter
suppression through fear tactics (in some instances) like the ever popular
"if you vote you're going to jail" leaflet, campaign dirty tricks in some
instances like phone bank jamming, and through a faulty "felon" purge that
occurred here in 2000 that was heavily weighted to punish Democrats.

In reality, plain old fashioned gerrymandering of election districts has had
the most impact on elections by far here in Florida making most districts
uncompetitive simply by very careful selection of election district lines
using FREDS data and Census Bureau TIGER line data and other demographics
database info to push all minority voters into bizarrely shaped
supermajority districts such as Corrine Brown's here in Central Florida
where she is assured a win ever year because of overwhelming African
American support in her own district while surrounding districts have little
if any African American votes in them causing them to tip to the Republicans
since the African American vote is heavily (90%+) Democratic.

If you want to say "the fix is in", then in reality, it is much more about
the gerrymandering that occurred in the 2000 reapportionment - at least here
in Florida - than about technical vote hacking.

Instead of having 2 Democrats and 2 Republicans therefore in Central Florida
we have 1 Democrat (Corrine Brown) and 3 Republicans (Mica, Feeney, Keller)
in Central Florida through this gerrymandering. If only a small portion of
the African American vote in Corrine Brown's district were redistributed to
the other 3 districts in the area, there would be 2D's and 2R's because the
8th district would then be competitive enough for Democrats to win. The
districts for all levels of races - Congress, State Senate and State House
are all bizarrely gerrymandered in a manner which would make the
partitioning of Berlin and Germany among the four allied powers after World
War II look extremely reasonable by comparison.

2) The documentary "Hacking Democracy" was, in my own opinion, very unfair
in its treatment of the Supervisors of Election in Volusia and Brevard
Counties and treated them as though they were guilty until proven innocent.
I felt this betrayed the purpose in this effort by making the
blackboxvoting.org folks look very biased and not objective in their
conclusions.

3) The Diebold people nonetheless came across to me as doing a song and
dance to protect what appeared to be a product that had multiple technical
deficiencies - especially in the California legislative hearing - rather
than simply admit that there were defects, what those defects were, and how
they planned to correct them. This would have done much to inspire
confidence in their systems that the singing and dancing did not do.

4) I would not describe the simple manipulation of voter database tables
stored on SOE Sanchez' computer system as a "hack".

That really stretches the term "hack".

All that was done was the opening and manipulation of a standard database
file (it appeared to simply be a Microsoft Access .mdb file) using some
simple SQL queries which did the obvious and expected thing - it altered the
stored records. It wasn't really much of an impressive "magic trick" to me
as a programmer.

Not mentioned in the documentary is that every file stored on your computer
has a time and date stamp and a file size and that every NTFS formatted hard
drive has a master file table (MFT) and journal logs that track file changes
on the hard drive. A simple SQL record change as demonstrated in the video
would be fairly easy to detect using common forensic techniques so I would
not be willing to describe the vote change demonstrated on SOE Sanchez'
computer using the SQL query as "untraceable".

The real issue that was not addressed by BlackBoxVoting.org here was the
fact that they were storing voter information in aggregate form as the
official election record in the first place.

5) Regarding the change performed to the database file at the SOE office, I
would like to recommend the following safeguards be implemented by SOEs to
minimize the risk of hacking in the future:

a) After an election, individual voting machine datacards should be
immediately backed up to a write once media like CD-ROM or DVD-ROM as they
are uploaded so that a permanent record exists that cannot later be easily
altered or better yet replaced entirely by write once media like DVD-ROM or
CD-ROM so that they can not be altered after the fact. Such write once
media must be treated like evidence in a criminal case with a chain of
custody, seals, and secure storage.

b) Voter data should NOT be stored in relational databases as simple
aggregate totals. This makes it too easy to alter the results en masse. It
should only be presented that way for final viewing on the SOE website.

c) Instead, voter data should be stored in a journal or transaction log
format where each individual vote is individually recorded into a file along
with other corroborating information like:

i) Software Version ID and an MD5 (CRC32) checksum for that software.
ii) Voting machine serial#
iii) Voting data card serial#
iv) SOE Operator#
v) A globally uniqued voter sequence (GUID) for that particular machine
generated by a remote SOE machine that provides this to all voting machines.
It in turn would keep track of which machines it issued voter sequence
numbers to and when so as to make it hard to fake without access to both
machines.)
vi) Time and date stamp.
vii) Vote totals for each race for the machine as well as how the voter
voted in each race.
viii) A CRC32 (cyclic redundancy check) number computed for each
transaction. This is a complex checksum algorithm that would make it very
difficult if not impossible for a "hacker" to go back after the fact and
alter the records and is the basis for file verification when downloading
software and also in many common anti-virus programs.

You could also add the actual voter ID number from the SOE rolls to this
list of items to insure additional security but then it would be possible to
determine how people voted.

Tracking the operation of each machine like this in a transaction log format
rather than in simple relational database tables with aggregate counts would
make it much much harder to fake the results because the votes would then
have to be faked one by one rather than en masse as demonstrated in the
video. It would be very hard to fake the votes in a convincing manner that
could not be discovered by poll watchers who keep track of when people come
and go and how many show up at the polls at a given time.

6) This transaction log, any databases, the hard drives, the datacards and
the operating systems must be:

i) Password protected
ii) Encrypted
iii) Protected by physical security and chain of custody must be insured.
iv) Norton "Ghost" imaged or otherwise forensically copied to a permanent
write once media for preservation before and after the election.

It seems like all of these very obvious security techniques were being
ignored or by-passed in the Sanchez' demo and I hope that they are actually
being practiced in the real world.

7) All machines for voting must NOT have internet access and must be placed
on private networks with no outside access. This will do much to eliminate
the threat of external hacking - however, most hacking still occurs from the
inside in the real world.

8) Instead of storing the vote totals on each voting machine on the flash
memory cards that Diebold is using, I would say that the votes need to be
recorded on a write once media like CD-ROM or DVD-ROM so that they can not
be altered after the vote. This would also make it much easier to prevent
malicious code execution from the cards or changing the contents of the
cards by someone with a card reader as their security expert did.

9) The constant and ominous reference in the documentary to negative ballots
and counting backwards was not properly explained in the documentary and has
a simple more innocent explanation that I wish to comment upon here:

a) The counting backwards would most likely occur at 32767 votes because
numbers are probably being represented in the computer program as 16 bit
signed integers which means that because of how math is performed by
computers that after 32767, additional votes added would "roll over" the
count and cause it to start counting backwards. (For the non techie people
out there, think of this as being like your car odometer rolling over at
99,999 miles.)

b) Variables in voting machine software should never be declared as "short"
which means signed 16 bit integers. Instead they should be declared as
"unsigned long" which means unsigned 32 bit integers or in other words that
negative numbers would not be possible and that the count would go between 0
and 4,294,967,295 or slightly over 4 billion. This exceeds the entire
population of the United States by a factor of 14 (whereas 32767 is small
enough to actually occur in real races) and would prevent the roll over
scenario from ever occurring and it would also prevent malicious persons
from preloading the vote counts with negative numbers as demonstrated in the
video by BBV's security expert.

This problem is almost certainly not really malicious on the part of
Diebold, ESS, or other vendors but rather a simple coding oversight by the
programmers of the software who did not consider the unintended consequences
of choosing signed variables or short (16 bit variables) with respect to the
roll over issue and the possibility of pre-biasing the votes on the cards.

10) I definitely agree with BBV that the touchscreen devices are too easily
subject to either malicious code and simple miscalibration of the screens
because no permanent paper ballot record exists that can be hand counted and
such systems must be discontinued and removed from operation ASAP.

Paper ballots involving having the voter manually connect the arrow as used
here in Orange County FL or fill in the circle such as SOE Sanchez' office
uses however CAN be hand counted and thus are manually verifiable and
provide an important check on software programming errors and potential
malicious human behavior.

11) When the government buys custom software for DOD, FAA, NASA, FDA, or
other government agencies such as voting software obviously is, the software
is not "open source" to the general public - however, the government as the
customer is always given the source code for maintenance, inspection and
test purposes as well as compiling instructions to allow the gov't to verify
that the delivered compiled code is actually the same as the source code
provided, along with MD5/CRC32 checksums to verify the compiled code, design
documentation and specifications for testing.

12) Truly black box software without source code should never be allowed in
voting since it is almost impossible to tell what the software does by
testing to specifications alone.

Specifications testing hardly ever provide a complete check of the
functionality of any complex piece of code and should be viewed as a mere
starting point in software quality, not an end.

Because they apparently did not understand this simple fact about software
testing, I believe that the BBV people treated the CIBER people in
Huntsville Alabama rather unfairly in their "ambush" interview. The CIBER
people were simply given a check list of test specifications by the
purchasing gov'ts which likely as not wasn't complete due to a lack of
technical sophistication on the part of the purchasing SOEs and a lack of
insight into the development process of the vendors.

The CIBER people simply ran the check list they were given and had no way to
test the software beyond that without having design documentation and source
code which they were likely not given by the vendor. They did the job they
were contracted to do, nothing more, nothing less and it really wasn't fair
to bash them for not having access to information that the vendor did not
provide to them.

The software is, after all, tested "to specifications" and not "to
perfection" which is of course much harder to define. Those
specifications, like it or not, are almost always incomplete or faulty in
some manner in any event.

13) Beyond specification testing, an actual source code inspection and
analysis by a number of different experts is also a required (although not
necessarily sufficient) condition of software quality assurance.

In the end there is never any total assurance that software is entirely bug
free and we have seen a number of spectacular examples of software quality
failures in recent years including cases like the Mars probe that cratered
in a few years ago due to inconsistent engineering units in the software, a
lost earth orbiting satellite due to an incorrect constant for the
rotational velocity of the earth, a radiation device for treating cancer
that delivered lethal radiation doses and others where extensive testing
failed to reveal unintentional flaws in the software prior to operational
use.

Such mission-critical or safety of "life and limb" type software (sometimes
jokingly referred to as controlling "elevators", "nuclear power plants",
"airliners", and "iron lungs") is notoriously difficult to make bug free and
I have personally been involved in writing and testing such software for
wind tunnel systems where control of a 5,000 kW (6700 horsepower) electric
motor was involved. It is no joke if you lose control of a 5,000 kW motor -
people can be killed and millions of dollars of damage can occur - so it
takes a great deal of effort to get it right.

Yet, nevertheless, we continue to have spectacular failures of
mission-critical software in a variety of areas. (See:
http://awads.net/wp/2005/12/05/ten-worst-software-bugs/ or
http://www.wired.com/news/technology/bugs/0,69355-0.html?tw=wn_story_page_pr
ev2)

Ultimately, typically only about 1/3rd of bugs can be discovered through
specification testing, another third or perhaps somewhat more may be easily
found through cursory code inspection, but the remaining 1/3rd ends up being
discoverd through end user operation in the field. This is why it is
important to implement extensive beta testing by a variety of users before
software is generally released for normal operations.

14) Wherever software is used by the government for any purpose that will
affect our lives such as voting or as evidence in a court trial (say in the
case of DUI intoximeters or radar guns) such software must be made exempt at
least some of the protections of copyright and patent laws so that it can be
inspected by the government, recognized experts, and the public at large to
insure confidence in the system.

In criminal evidence cases, such black box devices as intoximeters and radar
guns deny the accused the right to confront the evidence against them -
essentially it becomes guilt by "magic 8-ball". In voting it then becomes
election by "magic 8-ball".

Such "open sourcing" of voter and other gov't owned systems like
intoximeters and radar guns would also make it much easier to identify and
fix flaws in the system because far more sets of eyes would be looking for
the problems and it would not be possible to keep such problems hidden for
long.

15) Voting systems based any of the Microsoft Windows operating systems are
particularly vulnerable as we have already seen from the many many monthly
security patches issued over the past 5 years+. All commercial operating
systems are vulnerable to some degree or another (see the NSA white paper:
http://www.jya.com/paperF1.htm) and for this reason it is necessary to
always hand count a 3% random sample of paper ballots in each election to
insure system integrity and if discrepancies are found to recount larger
samples up to and including a full manual recount if necessary.


My final conclusions regarding the HBO documentary "Hacking Democracy"

a) Technical vote hacking most likely did NOT occur in the 2000, 2002, 2004,
or 2006 elections.
b) Vote hacking is however theoretically possible to some degree depending
upon the software and hardware being used by the SOE and the technical
sophistication of the SOE personnel using it.
c) Voting software must be made open source.
d) Paper "opti-scan" ballots appear to be the best solution to providing
election traceability because they can also be hand counted.
e) There are numerous actions that I have outlined that can be taken to
significantly harden the voting software against hacking.
f) No software is "hack proof" or "bug free" however and a 3% sample hand
count should always be performed as a safety check.
g) The following voting issues which are more seriosu than vote hacking need
to be addressed expeditiously:

i) Gerrymandering. Blatant district gerrymandering using FREDS, US Census
Bureau TIGER line data, and other demographic resources must be stopped and
districts need to make organic sense following geographic boundaries like
rivers, highways, city limits, etc. so that communities of interest are
preserved and so that districts are not biased by racial or economic factors
to prevent competitive races.
ii) "Felon" and other types of "purges" whereby voters are removed from the
ballot and either denied a vote or forced to vote provisionally when these
purges are often subject to cases of mistaken identity given the issue of
common names.
iii) Intentional voter suppression "dirty tricks" like the "if you vote
you're going to jail" leaflet that appears in election after election in
African American and Hispanic communities.
iv) Dirty tricks like campaign phone bank jamming, false messages using
robodialer systems, and other such tactics.

h) Legislation at the state and Federal level needs to be passed to insure
that the fixes I have recommended here and other fixes that other experts
recommend are implemented promptly to minimize the risk of a hack in future
elections.

Respectfully,
Douglas J. De Clue
Orlando, FL
ddeclue2@earthlink.net

Form: Don't worry about this vulnerability, worry about these other, more likely vulnerabilities.

The "fraud pressure" will always move to where it's not defended or least well defended. The "fraud pressure" typically comes from multiple sources and angles because a lot of people have a lot at stake in elections.

yes, gerrymandering has an effect.
yes, suppression has an effect.
yes, voter registration list purging has an effect.
no, it doesn't mean that concerns about rigging are overblown or needless, if anything it reinforces the temptation to use the rigging/hacking option.

Multiple causation is the most common thing, in life, in nature, in elections, pretty much everywhere. It makes it harder to get our minds around, but that's how it is anyway.

My hat is off to you, Douglas J. De Clue.

A pen, a ballot paper and a box with a slot in the top. The ballot papers are counted by hand in full view of any member of the public who wishes to invigilate the process.

"This problem is almost certainly not really malicious on the part of
Diebold, ESS, or other vendors but rather a simple coding oversight by the
programmers of the software who did not consider the unintended consequences
of choosing signed variables or short (16 bit variables) with respect to the
roll over issue and the possibility of pre-biasing the votes on the cards."

You seem to cast them as imbeciles.

Nor, it sounds to me, do you believe the Diebold employee, who laughingly blurted out that his interlocutors shouldn't worry, they would take care of the counting!

Or, indeed, the words of Diebold's one-time CEO, Walden O'Dell, in a fall 2003 fundraising letter, sent to Republicans:

"I am committed to helping Ohio deliver its electoral votes to the president."

I'm not sure whether that qualifies you as credulous or close-minded or both.

I don't think the BBV people are imbeciles... I just don't think they have my decades of experience and expertise.

And NO of course I don't trust DieBold and I made that clear in my original post. It seems pretty clear that they were out to protect their reputation and their profits no matter what and that there were multiple defects in their software that they don't want the world to know about.

I am well aware of Mr. O'Dell's comments but that does not translate into his having the ability to open up his laptop at his desk and simply alter votes around the country nor does it even indicate an actual intent to do so. It may merely mean that he was going to work as hard and spend as much money for the GOP as I did for the Democrats.

Doug D.
Orlando, FL

expertise to anticipate the roll-over problem?!?!?

Come on, now! You can do better than that. You're demeaning yourself saying such a foolish thing. If the programmer isn't swift enugh to understand that there are more people liable to vote in elections than that magic number tripping the roll-back will permit, there should be a supervisor, some executive at some level, to whom it bellows out really, really loud. That's been their thing now, we're told. Not just automatic tellers, voting machines!

But hey! What about the certifications, or putative certifications in those elections? For crying out loud! Would that not be one of the first thngs such experts would watch out for - particualrly in view of the history of election fraud, sometimes bipartisan in US elections.

I promise you, I see it pretty regularly.

Why do you think there are so many software patches issued?

Doug D.

my original post."

And yet, in your confusion, you express this bold presumption of innocence on the part of Diebold!

"a) Technical vote hacking most likely did NOT occur in the 2000, 2002, 2004,
or 2006 elections.
b) Vote hacking is however theoretically possible to some degree depending
upon the software and hardware being used by the SOE and the technical
sophistication of the SOE personnel using it."

But you really become very naughty indeed when you come up with such simplistic piffle as:

"I am well aware of Mr. O'Dell's comments but that does not translate into his having the ability to open up his laptop at his desk and simply alter votes around the country nor does it even indicate an actual intent to do so. It may merely mean that he was going to work as hard and spend as much money for the GOP as I did for the Democrats."

Hardly even a straw man worthy of the name - whoever suggested, or would have been foolish enough to suggest that O'Dell would have personally fixed the tabulations.

Experts, however, I believe at least as experienced and expert as your good self, have stated that it would have taken a team of no more than 12 individuals to have turned the 2002 election.

And what about the mysterious Diebold employees interfering with the machines in situ, during or immediately prior to the elections?
Itself, a wholly illegal act.

And as for the innocent construction you suggest on the words of O'Dell, the CEO of Diebold, this big election-machine manufacturer, to Bush, as having been uttered simply as an ordinary Joe, working for the party! Extra-murally of course... I can see him going round, door to door, canvassing support for the Can'ts.

Well, hey, you may be an innocent "techie", but he would be a very worldy-wise individual, who would surely have instinctively recoiled from the very thought of making such an ambiguous remark, given his job description and his Republican party donor support?

By the way, are you aware that a kind of offical election-probity investigator was murdered, some weeks prior to the election, I believe, seemingly by a professional hit team. And the police investigation seemed to peter out very quickly, with the police claiming in the teeth of markedy contrary indications, that it was suicide?

Sounds like a David Kelly type. Suicidal character flaw. Ah, well, some cooks are bound to slip through the net, arent they? Who'd be a Human Resources exec?

Suicides become murders and everything is a conspiracy...

I used to think black helicopters where only for Republicans...

geez...

:tinfoilhat:

Doug D.

We have the right to know how our votes are counted. We have the right to expect our questions answered. We have the right to expect accountability and respect from anyone running the government that is ours. If instead you get secrecy and run-arounds, distrust and suspicion always result. It's you that's the fool to make excuses and blame the people who don't trust them. They deserve no trust; it's their duty to account. O'Dell, Diebold, and all of our government officials have NO right to keep secrets from us. If some come up with implausible explanations, who gives a f***. It's not our job to figure out what they're hiding. Until they stop hiding and lying, I stand in solidarity with the conspiracy theorists and tin-foil hat crowd.

O'Dell isn't criminally charged; he's being paid to deliver product and service. He isn't presumed innocent; he should be able to prove the integrity and reliability of his product. If he can't or won't, let him pay back our money and never again contract with any government entity ever again.

Complex software that is usable in the real world is always banged up against reality hard and often. That's why they didn't notice the buffer overflow problem--because the ELECTION ITSELF was the beta test that caught it. It is absolutely UNACCEPTABLE for elections to be beta tests, period.

The same thing applies to their hardware, which often fails because of heat, cold or humidity. ATMs don't fail under a wide variety of climate conditions because they have real world tests billions of times a day 24/7, 365 days a year. We just plain don't vote often enough to warrant complex systems like this. Think how badly cars would suck if people only drove them for a couple of hours twice a year.

BTW, I'm not convinced that there was no hacking in 2000, 2002 and 2004. If you aren't allowed to see the raw data, howthehell would you know one way or another?

i think it was stolen in 2004 and 2000. well, georgie was APPOINTED in 2000.

and i do think hacking happened this time, but there were TOO MANY anti repub votes. and not every state has the new machines. plus there were more eyes paying attention this time.

also seems like paying more when a pencil will do.

The bad news is that I don't believe that it would have mattered how many Dems voted if they had really wanted to steal the vote.

Is it paying more? Probably not. Voter fraud can happen with or without technology. Don't deceive yourself.


Doug D.
Orlando, FL

Similar happened in 2000, 2004, and now in 2006.
And in 2000 and 2004 folowup recounts and audits have determined that the Exit Polls were correct and
determined how and where the manipulations occurred.

The so-called "Hursti Hack" was to prove that an almost certainly designed-in vulnerability exists on Diebold Opti-Scan machines.

Here's the skinny:

The Zero Total Report at the beginning of elections is used to prove that the memory card used to store the votes is clean. So where did Diebold choose to store the code that runs that report? Why on the very same memory card, of course.

What Hursti did was:

1.) Put negative and positive pre-totals on the memory card.

2.) Change the Zero Total Report to print Zeros if any total is negative.

That was what happened in the Sanchez demonstration.
1984 is a warning, not an instruction manual.

I recognize the Hursti hack and point out that solution is to force code changes to use UNSIGNED LONG INT's (along with several other improvements) when declaring variables so that negative numbers are not possible.

I was referring to the aggregate number change hack that was initially performed as being untraceable.

Thanks,

Doug D.

:shrug:

"it would also prevent malicious persons from preloading the vote counts with negative numbers as demonstrated in the video by BBV's security expert."

Doug D.
Orlando, FL

Hursti hack. Indeed, the documentary shows several experts from Diebold denying at public hearings that ANY executable code was stored on the memory cards. A direct LIE.

where I accused them of giving a "song and a dance" and also where I said that flash cards need to be abandoned in favor of write once media in these machines.

Doug D.

Just because the vote wasn't successfully stolen in 2006, really doesn't convince me that 2000, 2002, and 2004 were free from computer fraud.

Since you're so knowledgeable, can you compare voting machines to ATM machines? How come bank machines are so free from errors and voting machines are so prone to errors. I mean if I take $100 from my checking account at an ATM, it always takes $100 out of my checking. I never have to go back and make corrections. But, when I'm using a touch screen voting machine and I touch John Kerry and it registers George Bush, what the heck is that? Why am I not to think there is malicious intent? Clearly, Diebold makes ATM machines and they have the ability to make a working machine? Am I just to believe they can make a bank machine work, but are incapable of making a working voting machine? It just doesn't make sense to me.

Banking systems and Point of Sale Systems also have errors from time to time.

One other point to consider is that Banking and POS systems get much more frequent use than do voter systems (maybe 4 times a year in some years, once or twice a year in others vs. daily minute by minute use) and are generally technologically much more mature and have much fewer errors in their code.

Electronic voting systems have only been in widespread use since the 2000 election wheras electronic point of sale systems and banking systems have been around for nearly 30 years and having worked in retail at a supermarket, they too have errors - prices can be loaded incorrectly into systems for instance resulting in over or undercharges at the register.

The touch screen problem you describe is actually a problem of screen calibration where the touch sensor portion of the machine must be calibrated to align with the image of the buttons underneath. If the two are not calibrated precisely you can press what appears to be John Kerry to you and the computer will think you pressed George Bush.

If you read through what I wrote you will find that I recommended that touch screen systems are a disaster and must be replaced by paper systems like the Optiscan system we use here in Orange County ASAP.

Sorry, but...nice try (You won. shut up!). And not because I''m defending a bev harris account, How about this thingy?

http://journals.democraticunderground.com/CrisisPapers/56

He has an excellent explanation as to why there was less, not zero, computer fraud this time out. The very races this guy mentions should have been hacked were hacked according to Partridge.

He lost me when he tossed out the other elections based on this one. It's like OJ was acquited so toss out all previous wife-killing convictions? There are each separate events with supporting data. Just as each state, each precinct is examined individually so should each election. Failure doesn't prove lack of trying.

I stopped reading when he started listing all of these electronic solutions. Pull the plug and use paper. It's the only way any party knows for sure what happened. It shouldn't be based on faith.

Doug D.

High turnout can overcome hankypanky, and it did this time. Also, election protection activists being on the job helped a lot. Sort of like Rachel Carson's predictions of the effect of DDT on birds' eggs helped to forestall quite a few extinctions.

1) They're not sourced. This DU thread appears to be the source:

2) There were no exit polls of just "electronic voting", and the "machine tally" would reflect mixed paper and electronic votes in the case of Ohio and PA, thus the labels on the chart appear to be without any literal truth or meaning.

3) The column labeled "exit poll" might be accurately labeled "earliest leaked mid-day exit poll":

4) New Hampshire, the big spikey graph, was recounted by one of DU's fraudsters:

5) The OP is making a technical argument, which few can respond to on the merits. Instead, we have the repetition of the same circular argument: the exit polls were wrong because of the machines, and the machines are provably fraudulent because of the exit polls. Barring that, people just know in their hearts that paper is inherently more reliable than devil machines (Florida 2000 anyone?), so the OP's premise is discarded because it doesn't agree with people's preordained conclusions. But I applaud the OP for offering practical advice beyond "hulk smash!"

Well said...

I'm also quite perturbed that people are reading into this that I am somehow for touchscreen or against paper.

In fact I quite clearly recommended that touchscreens be junked and that a hand countable optiscan paper ballot be used.

Yet people see what they want to see, not what I wrote.

Doug D.

Thanks. It's really good to see some substance.

Those charts are the bane of my life. I once even found them on Wikipedia attributed to me (I deleted them).

They come in various guises though, so someone has got a lot of mileage out of them

The trouble with this particular version is that the apparent claim is that these are states with "electronic voting" - but no comparison with non-electronic voting is provided. And, of course, anyone in any of those states will realise they are actually not accurate exemplars of "electronic voting". Ohio was mostly punchcards. A lot of voters in Pennsylvania voted on levers. No distinction is made between DREs and optical scanners. NH was optical scanners, and a bit of paper. Florida was a bit of each.

And of course, famously, New York, where there was a huge exit poll discrepancy is all levers.

Will someone, please, put those things out of their misery for once and for all. We might disagree about interpretation of the data, but let's at least have accurate data.

They can only suggest fraud..they don't prove it.

Doug D.
Orlando, FL

The only way to make sure it won't be in the future is with HAND COUNTED PAPER BALLOTS with RANDOM AUDITS!

This post, while very thoughtful and with many, many good points, seems to draw the conclusion that investigating electronic vote fraud isn't necessary, since it didn't happen this time...and that is a foolish position.

I happen to still believe the 2000 was stolen - Bush was appointed pres., and '02, and '04 were stolen in a multitude of ways, including electronic vote stealing - there's just way too much evidence of a faulty count. And, despite the Dems victory, '06 was rife with problems. Poke around this forum a while and you'll see ample evidence of it. Or http://www.bradblog.com">Brad Blog.

My thinking is, if an election can be hacked (and it definitely can), it will be hacked.

In the mean time let's plug the system holes.

I specifically stated that we need to dump touchscreen and we need paper ballots.

Doug D.

Would you ignore a dead body in your back yard on the grounds that the situation is not ipso facto proof of foul play? Or would you conclude that there ought to be an investigation? Cases can never be adjudicated in courts UNTIL somebody investigates.

If the 2006 elections could be hacked, they would have been. As stated in other threads, there may have been too much overwhelming support for Democrats to change the outcome of recent elections. If the Republicans thought they could get away with stealing this election, they would have. Maybe the races were "tightened" a bit. I do think previous elections were hacked. And exit polls are very important. If election results in the Ukraine can be thrown out because they veered too far from exit polls, how can it be said they aren't that important here? And what if major Democratic corporate sponsors wrote secret election software to use in machines they produced? Republicans would never allow this to happen, and with good reason.

In any case, if you have an administration that takes its country to war based on lies, that suppresses scientific data, that spies on its citizens, that cuts taxes for the wealthiest at the expense of the poor, that exploits the environment and public assets for private gain, that distorts the military achievements of war veterans for political purposes, that calls US citizens "traitors" for speaking out against government policies, what's a little vote hacking (on top of gerrymandering, voter purging, etc)?

I agree with you. The poster of the thread has some good points, but it makes me angry when a knowledgeable person says, on top of all that has happened over the last 5 years, the evidence concludes that elections have not been hacked.

But first, what struck me odd was this guy's methodology for determining whether the elections had been hacked. He says that since the Republicans lost this most recent election, that he doesn't think any of the elections had been hacked!

Read it:
"This documentary ironically aired after one of the largest political
landslide elections in recent decades when it was apparent for several
months that the Republican Party in power was headed for imminent and
overwhelming defeat. If votes were going to be stolen, this would have been
the election to do it. The Republicans knew they were going to lose badly
for at least 2 months.

What happened? Did all the vote stealers go on vacation this time?

Why didn't the GOP put the fix in? Even if they did not feel they could
outright steal the entire election, why didn't they pick a few of the closer
races, at least in the Senate, to steal? There were clearly several very
close races in Montana and Virginia after all where if they were going to
steal the election they could have tinkered with these races in very
marginal ways to win them.

Based on this election, I don't believe the vote was actually stolen in 2000
or 2004 using technical hacking means..."

Uh, that's not how you test software and that's not how to determine where the votes were altered. So if this is how he makes the determination, his qualifications in software mean nothing; he's not even dealing with anything regarding the software.

I've said this before, and I'll say it again. Writing voting and tabulation software is EASY. It is not hard. It would be hard to have a "glitch" that switches votes, but easy to program it taht way. We are just talking data integrity (making sure the data doesn't get messed up by the program itself), we are not even talking about securing it from malicious code or hacking.

There are tons of systems that have thousands of simultaneous users, that take money transactions, that even if something goes wrong, the money still adds up. These systems are exposed on the internet where people try to hack in, try to inject malicious code, where the hacker have the code of the systems! Get Amazon.com to writing the voting software. They have it done by the end of the week! It's not that hard.

At every point voting data can be accessed there is a possibility for it to be altered, whether by "glitches" in the system or by malicious users. The entire chain of control over the data must be secure. It means nothing to have a "test" on a machine that reports that it can add some random votes correctly. It is a joke! It's not a test of anything.

I hope I am driving home that writing voting software is so easy, it would take less than a day and it would have virtually no glitches. It would take a little more time to make it secure, but it is nothing harder than what ATM's, online bacnking, and ecommerce website are doing.

If you really think you could write this software in a day then you really have no idea of what is involved.

Doug D.

I've been doing this for quite awhile and I have certifications out the wazoo. Single-threaded, simple GUI, simple arithematic, simple logic application on a controlled system with plenty of resources, on a private (actually no existent) network? How long would it take?

Most Windows based UI's these days are multithreaded.

If your voter machine has to do some other I/O like disk/flash writing or ethernet comm's then it may well be multithreaded. That's how I'd design it.

I don't think that people give software quality enough respect. They seem to think that all this stuff just works because they coded it.

I've seen otherwise with FDA approved hemodialysis systems and sophisticated data acquisition systems for wind tunnels.

Doug D.
Orlando, FL

Granted I am not a C guy, but I created a reservation application that hit a remote db in like a few hours. The refreshing of available reservation slots was in a separate thread, as were the gui events, but beyond that, what multithreading do you need? Seems like that would just be asking for more problems.

that might have to occur..

for instance do any of these systems use "dongles" as keys to make sure that the voting is authorized..

if so then you have to go read the serial or parallel or USB port where the dongle is...

Doug D.

--which gets the bugs that matter worked out of it by being banged against reality hard and often. How often do we vote? Not nearly enough to get significant bugs out of the systems. Why should we tolerate our elections essentially being beta tests?

Ha ha ha ha ha ha <wheeze> Ha ha Ha ha!

So this is what he is saying. When you declare a variable (like a bucket) to hold the total number of votes you have to say how big of a number the variable will hold. So if I use a variable of type "short" that means it can only hold a number so big, say, 12345. So if I try to add 1 to this number, I can't get 12346 because that number is bigger than the variable can hold. So what happens is that THE PROGRAM BLOWS UP! the computer says "You can't do that" and you'll get some nasty errors on the screen. It doesn't "flip" like this guy is saying to -12346 (or whatever, pick you number). Technically, you could do some weird things to the actually numbers in memory by switching or flipping bits which is what this guy is trying to say, but if you are just adding numbers that's not what happens.

But wait there's more...

Pop quiz: how many people vote in the US? How many votes would a candidate get you think? Should you make the variable able to hold, say 100 votes? 100,000? 24 billion? 100 votes is correct! So make you variable only able to hold 100 votes...not one will notice this in testing. No one will simulate an election where a guy gets more than 100 votes. Right? If you are tracking, then Diebold wants to hire you.

Computers represent numbers as a fixed number of binary "bits" or 1's and 0's.

With 16 bits (a short) you can represent numbers between 0000000000000000 or 1111111111111111 in other words between -32768 and 32767 or if unsigned 0 and 65535 which is 2 to the 16th power minus 1.

With 32 bits ( a long) you can represent much larger numbers between 0 and 2^32-1.

Your pop quiz show you don't know anything about computers or elections.

The correct answer is slightly over 60,000,000 votes in a Presidential election. The votes are broken down by precinct and county and that is why the 32767 number has generally worked in many cases but not all.

Thanks for showing me that you don't know much about computers.

Doug D.

I suppose there are environments in which what he says appears to be true. Certainly not in the C standard. (I dunno about VB.)

but hey even THEY are subject to truncation error and roll over (although most compilers have overflow and underflow error checking).

At my job we recently ran into a truncation error issue in fact.

Doug D.

I didn't say you "couldn't" change the bits to make it negative, I said when you add one to the number, the system is not going to just flip the bits so now you have a negative.

1111111111111111+ (32767)
0000000000000001= (1)
0000000000000000 which in signed 16 bit notation is -32768

welcome to Boolean math...

Doug D.

So what, you have to check the maximum value against the current value to see if you can increment every time?

You have to take into account underflow and overflow conditions and you have to size and type variables appropriately for the job.

It's best to oversize when ever possible to prevent this which is why 32bit numbers are what make sense in the voting machines not 16 bit numbers.


Doug D.

but not about the overall effort to create the application and tabulators. In fact, people have already done it.

I work in IT, not at the level of expertise as this engineer, but I know enough to know that this idea wouldn't work. My knowledge is dealing with ordinary computer users with only basic skills and what it would take to implement what he suggests. Who does he think works at polling places? Board of elections? These are private citizens with little or no familiarity with computers. My experience on election day was that they didn't even feel comfortable with the machines now let alone with all of these additional technical steps they'd have to go through in his world. Burning CDs would be too much let alone Ghosting software. They get simple training once a year, , in very basic stuff and often forget it. Does he imagine a budget for IT professionals in every precinct? Appearing from where exactly? We can't get a unified national ballot but he imagines a systematic backup and recovery system everywhere uniform? Physical security and chain of custody? We can't get this guaranteed with paper ballots in a box but he imagines a system where passwords and data copies are handled better like secret agents passing microfilm.

In 5b) he contradicts himself. First he describes it unlikely that aggregate totals would be altered based on the BBV demo. Then he says that this very thing should be abolished because it is so easy to hack. Which is it? He is making all of these declarations but admits he has no idea what security is in place.

"It seems like all of these very obvious security techniques were being
ignored or by-passed in the Sanchez' demo and I hope that they are actually
being practiced in the real world." How do you crtique something with so little research?

And how do we assure that these security measures are implemented by ordinary people in every precinct in the country? Not at any point in this system he spells out did he mention how recounts would be conducted. The closest he came was tossing out his entire computerized system for optical scans of ballots since they can be recounted. Wouldn't it just be a lot simpler and cheaper to just have those ballots and toss the machines?

Where's the plan for hardware failure? On election day grandma's gonna replace a hard-drive? Who exactly would be doing all of this? Collecting burned DVDs? Do we back those up as well since we've all had scratches on CDs that make them inoperable. How many votes would be disenfranchised if one DVD is lost? He imagines every poll worker understanding the importance of data backups and security. He imagines polling places filled with himself or at least one tech person to supervise and be there for emergencies. It is an unrealistic and unenforceable premise unless it became an official govt paid position and even still leaves our democracy open to technical vulnerabilites which are inherent in any system regardless of the extent of testing.

We are trying to re-invent the wheel when we had it all along. In grammar school we wrote down our votes and put them in a box and they were counted. My democracy learned everything it needed to know in Kindergarten.

Paper Ballots only! End of story.

They need technically skilled people for that.

I think that CD's could be burned automatically by the systems just as the flash cards are written to now without operator intervention.

And if you read what I wrote, I said we NEED PAPER BALLOTS and that I OPPOSED TOUCHSCREENS. That doesn't mean that every single paper ballot has to be hand counted though.

Doug D.

then an entire election system overhaul is needed to have technical people at each polling location to verify a continuous working system and complete data security and integrity? That in addition to the budget requirements for the technology an entirely new need for personnel is added? who decides the qualifications? Who hires? How is this fleet of experts maintained? Compensated? Seems like an awfully expensive difficult and impossible to completely verify type of system. We have a country that hasn't even agreed upon what a ballot looks like.

Paper in boxes is simple, cheap, and easy to deal with before, during and after a vote count. As long as someone can count they can work at a polling place. It's Grandma who is at the polling places. That is the system we have.

Your solution would work in a controlled setting but that doesn't exist anywhere let alone everywhere.

They are needed to close out machines at the SOE office.

People keep claiming that "paper in boxes" is cheap and simple... the reality is that it is probably neither and grandma can't count either.

Doug D.

;)
Paper in boxes is just fine, easily replicated and scalable. The same excellent measures would be needed for chain of custody as you suggested and there are far less variables that could alter things on election day. I personally feel this is a much more secure method especially after a very negative experience I had on election day with poll workers dealing with technology. It certainly has worked for a very long time. I do respect the effort, time, and thought you clearly have taken to put forth your opinion. I do not doubt your expertise for a second. I just don't think it's a realistic thing to implement. We disagree.

I am serious. What you need are good test scenarios that cover ever aspect of the code to be tested. In fact, we professionals know that it is better to not let the testers see the code when they test. Because if they know the code, they are more likely to test the code in a "friendly" manner or incomplete manner. In otherwords, they will test the source code (are you following me here), not WHETHER THE PROGRAM ACTUALLY PASSES THE REQUIREMENTS OF THE PROGRAM TO BE WRITTEN. To make this clearer, if I hire you to bake me some cookies, I could either A) test in the end that the cookies taste good, or b) test that you added 1 cup of sugar, 2 cups of flour, three Tablespoons of peanut butter, preheated the oven to 450, baked for 2o minutes, and let cool for 10 minutes. Which test is better for determining whether you got a good cookie? Will test B even result in a good cookie (I don't even know)?

Now change it to a security system for a house. Do you want to test for whether
A) Intruder Detection
i) Breaking window causes alarm to sound
11) Open unlocked door after alarm is set causes alarm to sound
iii) Cutting power to system causes allarm to sound

-or-
B) Installation
i) Electrian ran wire to box in stairway
ii) Chipset AZ-102-W installed in alarm box
iii) Fresh battery inserted into alarm box

Which set of test would you rather use on your new alarm system? A of course, yet you know nothing about how it works. You want to test the PERFORMANCE of the alarm system, the END RESULT, not how the thing was put together. Every programmer knows this. That's why you really should write the software tests first, using the software end-result requirements as a guide. Then you test the software to see if it really does what it is supposed to do.

a note about open source. "Open source" is a term that doesn't mean "the public gets to see it." It is a special type of software development where the owner actually provides the source code to anyone who wants it and encourages people to improve on it. Then the owner will take those improvements and if he wants to he will include those improvements from the public into the next version of the software. It's like getting programming work for free. A benefit of this is that lots of people, and anyone, can loko at your code, run your code, and see or experience the mistakes. It's pretty hard to put malicious code into open source projects.

Amazingly, the most secure encryption and security code is open source. Kind of weird huh? Secrecy actually makes the code less secure. This is because the power of making things secure is not through secrecy of how its done, but through means that are mathmatically too difficult for even big computers to figure out an break. This is a fascinating topic. But here, I'll tell you my password: it is the 47588th prime number divided by the 6868th prime number and rounded to the nearest number. There you go. No secrets. Go figure it out. It might take you awhile even with a computer doing the calculations. Even if you do figure it out, I will have changed my password by then. You just can't keep up. That's one way open source encryption works.

or design docs then you are deceving yourself.

How do you know that you have exercised all possible execution paths?

Fact is in multithreaded event driven code, it is almost impossible to do so without knowing the design of the source and typically you can't even test all combinations (it's a factorial math problem that grows like 1x2x3x4x5 even faster than exponentially) because of the number of combinations involved and the time required.

That's why code inspection and analysis is required.


Doug D.
Orlando, FL

I don't understand how you think it is necessary to see the source code for non-unit testing (right, that's what we're talking about here, testing done to see if the developed software fulfills the design reqirements). It's like bizarro world to me.

We don't give our QA teams the source and tell them to look at it and test it. And we don't give that to the business either.

And dude, you don't test all combinations, because you can't. You test all scenarios that will cover all combinations. Like I don't test adding all numbers up to 100. I test boundary conditions (like 0 and 100), and outside the boundary conditions (like trying to use a negative number or number greater than 100), and I test when the number rolls over into double-digits, etc. In fact, with gui stuff, you can't test all combinations of what the users can do, there's too many permutations. But you do test entry and exit, and input and output, screnn flow, data handling, etc. If your stuff is designed right and the code uses encapsulation and is coded to interface rather than concrete class, then you can do unit tests, then integration tests, the security tests, then performance tests, and have it all automated so it doesn't take hardly any time at all but yet all aspects are covered.

Dude, I think I am starting to see the problem with the voting software...apparently there are lots of people who don't know how to design and test.

Check it out: Black-Box Testing http://en.wikipedia.org/wiki/Black_box_testing
You HAVE to test against the spec, not the coding.

and where there is an incentive to design it not to perform to spec, but to conceal the non-compliance.

Hypothetically, you could test a hacked GUI for years and never see a problem, as long as you never used a particular Easter Egg sequence. (Edit to add: Just an example.)

But source code review is no bargain either. Avi Rubin, I think, writes about an exercise in which his class members try to stump each other with how few lines of code it takes them to disguise howlingly awful bugs.

I think that the real problem would not be that someone could open up a secret gui to do stuff, but that the gui would be able to change the votes undetected. The design must control for data data manipulations outside a voter placing a vote. The design also must also control for votes being changed by more than a quantity of one on a machine. The design must also have a way for the voter to confirm their vote by something other than in-memory data manipulation (meaning, just showing on the screen what they voted for is insufficient, it must be printed out or something). But this is all a discussion about hardening the system and securing the data, which definitely is the harder part. What gets me are these "glitches" that are totally not the result of bad programming.

Obviously there really is no need for electronic voting. It is a scam. Rather than a few ballots not being punched all the way in or whatever, now we have uncertainty that the vote totals are even correct. If the argument is that this makes entering votes easier for the voter, then what we should have is the electronic voting machine just be input-to-paper only, no tabulating. Have the machine print out a card that says waht you voted for. Then have more than one person count them up and signed off on it, and then have people tabulated and sign off on it.

It is so, so, so obvious that the electronic voting machines are purposely designed to be faulty, primary so that someone could change the votes without difficulty, and secondarily so that the people get used to tolerating errors in elections. So now we just do not know whether elections were fair or not. They could be 100% accurate or way, way off. We just don't know anymore.

but a means of triggering an Easter Egg via the standard GUI. It's just one trigger mechanism (among many) that has been posited. Of course that begs the question what is being triggered.

I don't think electronic voting is a scam. I just think that, at least as presently implemented, it is a really bad idea.

Check this out: Suppose you had a database table that stored the vote tallies. We know that under no circumstances should the votes change when someone is not voting (req 1) and we know that the values for each item on the ballot should either not change or increment by 1 (req 2).

So let's create a database monitor application that watches the data, even running on a separate machine, as long as it can constantly watch the data. It will sound an alarm if the totals change under circumstances that violate the 2 requirements. Now it doesn't matter who has access to the db. You don't even need a gui, just give them the capability to edit the table values directly. It doesn't matter. There's nothing they could do to fudge the data, as long as the db monitor is running. Perhaps the voter could go to the monitor and have it display to her what the difference in totals was from before she voted, and that way she could verify that it recorded her voted correctly.

So data access (or gui controls even) isn't the problem. In fact, more access (the db monitor) made it more reliable. No easter egg would be able to fudge the data on voting box.

With this scenario it's not impossible to fudge the data, but much harder. And this was just one little aspect.

(BTW, to Doug if you are reading, we didn't even need to see the source code for this)

I didn't say anything about data access vs. data integrity.

You're right, though. Didn't mean to go off so much based on your one post. This whole thing just infuriates me.

But before someone says, "hey stupid, the GUI is the presentation layer" let me just say that in this example it is that also. But in my example, which was based on how Diebold does their code, the GUI talks directly to the db. There's nothing in between. And even if the GUI code is separated from the data io it is still running as one process on one box. Therefore, the gui process is the data access layer also.

If there were a separate, independent process that brokered the data handling between gui and db, then I wouldn't say the gui is the data access layer. But the problem would still be a data integrity problem.

When I said GUI, apparently you thought of a tabulator/report interface, which was practical. I was thinking of a voting machine interface, which is admittedly less practical (i.e., the idea of implementing vote miscount on a particular voting machine by having someone press some magic series of presses does not scale very well, compared to other ways one might steal lots of votes). Nonetheless, it has been discussed as a possibility.

AFAICT the Diebold implementation is so brain-dead that it is hard even for many computer pros to focus on the details of what is or isn't broken. (I have been a computer professional, but not in my current incarnation.)

(fixed dumb typo)

The real problem with EVM's is the touchscreen which is not hand verifiable.

Optiscan paper ballots are easily hand counted and have no "pregnant" or "hanging" chad analygous problems that I can see.

Doug D.

You have to do things in exactly the right sequence and timing very often for a bug to show (be it an intentional "easter egg" or a more mundane coding or design error).

That is why I say you have to do both the spec test and the code analysis and THEN beta test the code with users outside of your company.

Doug D.

No you DON'T hand the source code to the actual people performing the spec test but people in the same testing company also ought to be looking at it for logic errors, etc. which often dont' show even when testing the boundary conditions.

You really have to do BOTH. Test to the spec is just a START. Code analysis is part two. Beta testing is part three.

In my world of high speed data-acquisition and test at least, testing is very much timing dependent and defining testing boundaries is often almost impossible unless timing issues are carefully thought through and this requires analyzing the code design for multithreading and timing dependent issues.

I ALREADY said you can't test all the combinations because of the factorial nature of the problem but even testing boundary conditions is often just a spot check. Things can also happen in the middle of the envelope as well as on its edges because we make incorrect assumptions about where the edges actually are in the absence of the source.

As for code quality, I have worked on military projects in the recent past and found amazingly poor, non-object oriented code with UI's intermixed with code, etc. so I don't really expect to find nice clean interfaces in other people's code that I can just test around the edges.

If they did steal some close elections in 2006 then, of course, it would be the ones they won by a close margin that you would want to look at. Were there any of those? The fact that there are some that they lost by a close margin says nothing, really, about whether there were other elections that were hacked. The conclusion you can draw from 2006 is that they did not steal all of the elections. There is no way you can support a conclusion that they did not steal any of the elections. How the hell would you know?

Also, it is possible that there were some 2006 races that they applied e-fraud to but miscalculated and did not use enough of it. If their fraud algorithms had only limited local knowledge (or even no knowledge) of developing results rather than omnipotent knowledge then they could have been mis-calibrated and therefore not strong enough to steal sufficient votes.

Another possibility is that increased scrutiny foiled some plans to apply e-fraud to the 2006 election. Maybe they would have stolen a bunch of elections but could only dare steal a few in the current environment.

Finally, what if they have somehow managed to have e-fraud in place in many races all around the country that always skims a couple of percentage points. With the whole distribution of win/loss results red shifted you would still have some close wins and close losses. They just wouldn't be the same races that would have been close without the widespread fraud in my present postulation. So the presence of close losses does not support a conclusion that e-fraud is not present.

You are several layers deep of speculation built on speculation with this conclusion. I say that we continue to investigate, dig into actual physical evidence, and see what we find in both the 2004 election and in 2006. 2000 and 2002 are probably too stale to bother with at this point (unless something drops into our laps). Progress is just now starting to be made in Ohio 2004. This shows that it may take a couple of years to get down to the actual facts of an election under the current regime but that with persistence there is at least a possibility. Blackwell is going kicking and screaming at every step and it will not be surprising to see Florida powers do the same with regard to Sarasota County and other 2006 irregularities. Maybe when we finally get down to the meat of it then we will conclude everything is on the up and up. Or maybe not. Either way you are premature and without foundation in your pronouncement that 2006 was hack-free.

_{Edit: minor wording.}

I'll be spending MY time improving the systems and getting the Democrats out to vote instead.

See you at the polls in 2008.

Doug D.

"wasting ones time on conspiracy theories". You know, trying to anticipate all the possible threats and then put measures into place to prevent them, that sort of thing.

If we are going to have e-voting then we, of course, need to "waste our time on conspiracy theories".

Better that we never, ever rely on the results of a computer program to tell us election results, but in this sad period when we are unfortunately relying on computer programs in some cases then it is only reasonable to be utterly suspicious of them.

BTW, do you think Microsoft should spend any time thinking of ways that Windows can be hacked? Or would that be just a waste of time?

CLEARLY I understand the notion that computers can be hacked and that people will try. Hence my recommendations to make it much harder to hack and to provide a real accountable recountable vote.

Do you really think you can turn back the clock to the 19th century and eliminate all computers from your life?

This is a silly silly argument.

Doug D.

silly. He's one of the most astute people on the forum.

My biggest mistakes have been to underestimate eomer's arguments.

I'm a software architect / developer so that wouldn't be practical for one thing.

What I advocate is that we not grant them any reliance. For example, I'm perfectly fine with using a computer for a task like tabulation but only when both the input and the output are fully and publicly disclosed. Put the raw data out on a public website and then put the tabulations that derive from those raw data on a public website and then you have my blessing for tabulating by computer all you would like. I can spot check or even check 100% of the tabulation if I so desire.

What I object to is the use of computers where I have to trust the result without any ability to double-check it. For example, paperless DREs like we have here in Miami-Dade County and like they have in Sarasota County.

I'm not satisfied with making it harder to hack the computers. Because with that approach I will always have to trust someone else's opinion about whether they have made it hard enough or not. If election workers want to use computers to lessen their workload then that is fine but they need to find ways to do so that don't take away my ability to observe the election meaningfully. Luckily there are ways to do just that. Paper ballots with optical scan work just fine (as long as there is an effective hand audit). Or if you just love GUI voting then use a touchscreen and have it print a ballot that is readable by both a human and a scanner. Put that ballot into the hands of the voter, who reviews it and deposits in a secure ballot box. Then use opscan for counting.

There is just no excuse for putting trust in computers for election purposes. It is not necessary, it is foolish, and no matter how secure you say you've made it there is no good reason I should believe you.

As I have argued in several of these endless, related threads ddeclue keeps spamming, we should not trust our nation and our world to computer counting of ballots. Count by hand, in public, at the precinct, with the public invited to observer and participate. We used to do it rather quickly with volunteers.

Even if we were using open source, validated software, we could still be at risk of embedded attacks -- things like pre-infected hardware from an offshore supplier that only wakens at certain times.

Before automating anything, we learned the KISS rule - Keep It Simple, Stupid.

There is no way for me to know that the version disclosed is the version actually on the machine. Or, as you point out, whether something in the nature of a virus is also on the machine, either pre-installed or installed at some other time. Plus, when they talk about open source for election software they do not mean that the source will be disclosed to the public like Linux is. They mean it will be disclosed to a few authorities with clearance and maybe to a selected expert or two. As a citizen I would not really be in a better position than I am right now.

so you can match the source to the compiled code.

I think that the source actually ought to be a GPL "Linux" type situation with freely available source code, build numbers and check sums that can all be independently verified by whoever wants to do so.

Doug D.

checksums on them? Really? How many do I get to access? And when? Is someone going to be watching what I do and must I run them again after everyone else does so I can make sure that the other guy was really just running checksums? What if he trusts me no more than I trust him? How can both of us be the last one to check before the election?

If you want to build a system that I can trust based on an approach such as this then you have one heck of a job ahead of you. Let me know when you've done it and then I will go to the trouble to think further about it. But why bother? Wny not just build a system that I can check up on without the use of checksums. One that is based on paper. There are plenty of people who have no idea what a checksum is but do know what paper is and how it works. They deserve a system they can understand and verify too. A system that is transparent only to computer specialists would give new meaning I guess to the claim that "geeks rule" but other than that it sounds like a very bad (and, once again, unnecessary) concession.

The SOE operators would responsible for demonstrating that.

I don't see it being necessary to demonstrate the checksum to every single voter anymore than it would make sense to let every single voter sit down with a half million ballots in a warehouse and hand count them for himself...

At some point you have to trust the people running the systems.

What I see is a demonstration of checksums to an officially registered poll watcher of a political party, any candidate, any law enforcement official, or any accredited media journalist not a demonstration for every single voter.

Doug D.
Orlando, FL

then I am right back where I started. I don't trust anybody to do anything right now. In our current system we have many people in positions of trust who just pretend to perform their duties. Running checksums would surely seem like just an unnecessary bother to some election worker somewhere out there who would just sign the paper without actually performing the check. Just like there are testing companies right now who only go through the motions. Just like, for example, election workers in Ohio who thought the 2004 recount was ridiculously unnecessary and therefore were fine with faking it.

And, once again, the attempt to base a system on trust is totally unnecessary. It is quite possible to have a system based on transparency instead.

You could literally spend the rest of your life counting 60,000,000 Presidential votes for yourself and could you even prove where they came from unless you watched each voter vote them?

At some point you must have some trust or the whole exercise becomes a futile unworkable task that can not be completed.

Doug D.

So the worst case under my approach would be that in some parts of the country I would just fall back to the best case in your approach.

In every area of the country where there are honest observers then I am better off. In the parts of the country where there are no observers or no honest observers then I am just back to trusting the local officials as you would have me do anyway.

I can't tell which you're arguing: that blackbox transparency is better than a false sense of complete transparency ("things have to get worse to get better"), or that releasing the code makes it more vulnerable (the Diebold argument), or that you'd rather be done with electronic voting machines entirely because of the vast quantity of unknowns. I can sympathize with the last position, but you need to make the positive argument to that effect, not one against interim steps that (almost) everyone agrees will shed light on the process.

Plus, when they talk about open source for election software they do not mean that the source will be disclosed to the public like Linux is. They mean it will be disclosed to a few authorities with clearance and maybe to a selected expert or two

By that definition, Diebold is open source. Who are "they"? I thought the consensus definition of open source meant public scrutiny, releasing it on the web where people can compile it, that sort of thing. Otherwise it's hard to call it "open", isn't it? I mean, when someone other than "they" argues for open source, they usually mean just that:


I think he meant "poring", but all-out transparency would address the FUDs with embedded logic and pre-installed software (Windows has no business on any machine requiring the public's trust, IMO).

There is no way for me to know that the version disclosed is the version actually on the machine.

Besides a PGP checksum? Human security and custody are at the center of any (successful) security arrangement, even ballots are meaningless without someone to make sure republicans aren't hiding in the back with Wite-Out.

After all, I STARTED the thread in the first place..if you don't want me to reply, then don't post in my thread..

It's silly to think you are going to count 60,000,000 votes by hand in the next Presidential election in any reasonable amount of time.

Doug D.

I don't know of anywhere in my post where I say "just trust the computers"..

I am looking for a paper, hand countable system and my proposals like eliminating using aggregate counts as the official vote record are EXACTLY what you are describing.

I don't see the problem you are having...

Doug D.

Your argument that the 2000-2006 elections were not hacked does not hold water.

The fact is that we do not know whether some of those elections were hacked or not.

If you have means motive and opportunity and if we believe the vote stealing conspiracy crowd it has happened multiple times before - then why not in this particular election? And if NOT in THIS election why should I believe it happened before either?

Doug D.

were stolen by machine fraud. In the other years we have no idea whether some of them were stolen by machine fraud.

In all of the years being discussed we won some and they won some. What, again is your point? That unless they steal all of the races then they must not have stolen any of them?

It is perfectly reasonable to think that, if they are going to steal some elections, the pattern of which ones they steal may be totally erratic and unpredictable.

You start with an assumption that is unfounded and then extrapolate from it using relationships that are imaginary. Other than that your argument is fine.

if it was within their power to fix the elections.

All they had to do was fix Montana and Virginia...

If they couldn't do this I highly doubt they could do it at all.

Doug D.

Problem is we know election fraud is not impossible. Ergo... flaw somewhere in the logic.

I haven't even seen the movie, so maybe I should recuse myself -- but I've read most of the thread, and it seems to me that if someone writes "LIKELY NOT" in caps in the subject, it isn't entirely cricket to paraphrase it as "proved."

I could keep going. You seem to be vehemently rebutting an argument that Doug has gone to some lengths to disavow. This is uncharacteristic.

Beyond that, if there are interesting reasons why it would actually have been harder to 'dial up' Republican votes in VA or MT 2006 than in GA 2002 or FL 2004 (just picking a few states somewhat arbitrarily), that would be, well, more interesting than arguing about "election fraud" in the abstract. As for OH 2004, if it was stolen through vote miscount, punch card tampering was probably a big part of the story, and that isn't even within the scope of Doug's OP as I understand it (all depending on how one interprets "technical").

The problem with the argument is that it terribly oversimplifies how things work. It imagines that fraud perps only have to decide which races they wish to steal and then they just pull an easy trigger and the election is stolen just the way they would like. It is sort of the Ronco appliance for election fraud -- it slices, it dices, it steals elections at the push of a button.

Reality, OTOH, is more complicated. There are myriad possible fact patterns involved in the implementation of an election fraud mechanism. To name just a couple: perhaps they needed one or more assets in particular positions in order to install a cheat and didn't have those assets in place in VA or MT. Or maybe there actually was a cheat installed in VA and/or MT but it didn't get installed on enough machines due to who knows what developments on the ground and therefore didn't steal enough votes. Even Chloe on 24, who can normally hack into any DOD or NSA super secret system in "just one more minute, Jack", is occasionally unable to get in due to some unexpected new countermeasure, someone looking over her shoulder at just the wrong moment, or some new director of CTU who gets suspicious and lowers her access rights.

With regard to the word "likely", Doug may be using that word but he is not staying true to its meaning. In the election cycles from 2000 to present there have been thousands of federal races. Doug is saying, if I understand him correctly, that he thinks that likely not one of those races has been hacked. So he is attaching the word "likely" but in reality is pushing the conclusion to the extreme. If he were saying that "likely most of the races were not hacked" or "likely a relatively small percentage of the races were hacked" or some such then he would have a more tenable position. But to go from 2 races that we assume (but don't really know) weren't hacked and then to extrapolate that "likely not one of the thousands of races over 4 election cycles was hacked" is truly a stretch.

Maybe my paraphrase doesn't capture what Doug wanted to say but that's the way I hear it. Do you think he means "not one" race was hacked out of thousands or something less extreme than that? (Or, of course, Doug is welcome to jump in and clarify).

except that, in context, I think it is a stretch to interpret the OP's point (a) literally as an assertion that technical vote hacking probably didn't occur anytime, anywhere. Not that I think the OP is perfect, I just think it's probably possible for the two of you to have a more interesting conversation.

but the planets don't seem to be aligning right now.

Much of the OP is related to the details of a pursuit that I'm opposed to on principle. I am against using technical solutions to build a system that citizens would trust based on the use of checksums, passwords, encryption, write-once mechanisms and other similar geek-talk. Ordinary citizens should not trust such a system even though, unfortunately, too many of them will. I'm not inclined to get into the technical aspects of that pursuit because I think it is the wrong path altogether. Instead we should be talking about designs that don't require trust of computer programs. We seem to have already had that discussion very quickly and easily -- Doug and I both are of the opinion that opscan is the way to achieve that.

I'll watch for some part of the discussion that I can jump into that may be more interesting and less confrontational. Thanks for your thoughts.

now because I'm going to orientation in a little while to observe the recount here in Sarasota on Wednesday. Do you have any suggestions for me just in cast I don't get to research all this BEFORE Wednesday??

I don't agree that nothing happened here. I have worked in this area for quite some time, and Sarasota county was ONE county that Jennings was heavily favored to win. But now, she loses and I'm NOT BUYING Kathy Dent's BULL about people NOT wanting to vote in this county! We were her so called based and Buchanan knew as well as Cobb AND Jebby!

I have to get ready to leave in a little while, but will be here until 6:00PM. Then I won't be back until after my orientation. The only REAL solution here is to have ANOTHER election in THIS county alone. I'm sorry, but there are far too many of us here who just can't buy the crap the Repukes are throwing around. We "could" be wrong, but some precincts under voted by as much as 25%! That IS NOT normal in any way. My own precinct under voted by 19% and I find that highly improbable!

I don't know whether Kathy Dent honestly thinks at this point that all those voters just willfully abstained, but hardly anyone else does.

That doesn't necessarily mean that the election was actually hacked. From the evidence so far, I don't know how one could tell. But one way or another, a lot of people who intended to vote in that race didn't manage to do it.

people here who WILL testify to this. If Jennings didn't have enough people to come forward, I doubt she would have filed the lawsuit. That was issue NO. 1 when I talked to her in person. She needed people willing to tell their stories. And I talked to her BEFORE she filed the lawsuit!

She's in D.C. as we speak and she believes she won, but then so many others think so too!

have a recount fund set up:

http://www.actblue.com/page/bluemajority?refcode=DKosFL13recount

The manual count was slated for tomorrow, HOWEVER IMO we are going to be in for a ride down here.

Now it seems, Sarasota County doesn't start til Thurs., but the campaign and lawyers were told that they would start Manatee County tomorrow at 1:00 PM, but they "might" start Manatee in the morning so people are going there just in case they decide to start WITHOUT the Democrats! Then Thursday it's supposed to be Sarasota and maybe Charlotte too, but THEY (Repukes) seem to be playing more games!"

We will ONLY be counting the Absentee under votes or over votes and challenge those that were thrown out because the machine (supposedly) couldn't read the intent of the voter. This is FIRST on the Agenda, and then we can go from there to the ES&S machines, but even the lawyers aren't being told what they are going to see when the print the votes from each machine.

And if you're getting confused... well join the club! It's cat & mouse to some extent and it reinforces my belief that they ARE hiding something. Taking so much time, making this or that excuse and the machines that seemingly lost the 18,000 plus votes are from Sarasota County! Those won't come into play until after the manuals on the absentees!

Anyway, I wonder what we will end up with, but most here think that IF a re-election is demanded that most certainly the fix will be in and Buchanan will win by a larger margin! Basically WE don't trust these people for nothing and they are saying one thing for appearance and doing another behind the scenes. So until I actually get to the place they are going to have this manual, I don't know much of anything!

Two lawyers were there tonight Coffey and Heckler (Broward Cty) and they will keep us as informed as they can. Even though there is a lawsuit from what I understand that won't come into play until we finish this next phase. They have about 450 affidavits from locals who had problems voting and more coming in all the time! The room we met in tonight was over-flowing and so many people keep calling about this mess. They can't keep up with all the reaction and it's HECTIC!

This place is in chaos! I'll post what I know, when I know it!

It is really important for citizens to observe all the processes at all steps of our elections.

Unfortunately I don't think the recount is likely to shed light on what caused the undervotes -- it's going to take forensic examination by computer scientists. But I still think you are doing something very important. I volunteered as a citizen observer of the closing procedures on 13 out of 14 early voting days plus election day here in Miami-Dade. We have ES&S iVotronics just like you do and I can't really vouch for the accuracy of the election since I can't see inside the machines but I still feel that I did something that needs to be done.

thing going on here. It's all systems go, and we will jump through hoops for as long as it takes for now. Nobody is willing to give up and it's PUSH BACK all the way!

We all know what they are trying to do, but for now there's a great deal of commitment and determination. When it will stop is anyone's guess! Overwhelming amount of support keeps coming in, I just wish we had a MAGIC lawyer or something!

I just CAN'T believe I'm living through this crap all over again! And it's Cruella again to some extent because Dent, Cobb and Jebby are digging in too! But there is NO doubt something smells to high heaven, that much everyone agrees on!

Well, I have a stack of papers to read (Florida Election Law) and what constitutes a true vote, versus the other.

I'll be back... sometime!

I just asked my 13 yr old, he said "NO".

I just wanted to get your thought on that little FACT.

and that's why I said that in my original post:

Code should be open source
ballots should be optiscan paper ballots
and a manual count of a random 3% of the vote should always occur as a minimum.

Doug D.
Orlando, FL

to the tune of trillions of dollars annually, they will make some cosmetic reforms to the system, enough to let people think there is hope when there really is none. This time it takes the form of paper trails and open source software that will leave the hackable voting machines in place and permit another stolen Presidential election in 2008. The Democratic Party, Common Cause, and many other large organizations are rallying around HR550 which calls for paper trails, or calling for open source

http://www.opednews.com/articles/opedne_mark_e___061110_they_re_already_hack.htm

OptiScan IS a Paper hand countable ballot.

And I DID call for open source software.

What's the problem here?

Doug D.

in the elections process are very dangerous. They denounce anyone who wants paper ballots as being a "Luddite" or "technically challenged," yet some of the most respected experts have clearly explained why technology is not appropriate for elections systems, as they need to be transparent to the public, not just to experts.

Snip...So the paper trail and open source people are taking no chances. They have targeted the top political leaders in the country and they are on every blog and mailing list. If anyone talks about hand-counted paper ballots (HCPB) they start the smears, personal attacks, belittling, and dismissals that are their only weapons in lieu of reasonable arguments.

HCPB is the cheapest, most reliable and transparent elections system known. With HCPB you don't have the wrong candidate sworn in while the experts are still trying to examine the software or demand a recount--in fact you don't need experts at all. Machines and experts have no place in our elections, they belong to We the People. But only if we can take them back from the experts who have stolen them.

http://www.opednews.com/articles/opedne_mark_e___061110_they_re_already_hack.htm

Mayor Daley stole plenty of elections in Chicago without the aid of a computer...

Doug D.

"All of the computing machines," explained CBS's Eric Sevareid, "are now saying Kennedy."

"We should put all those electronic computers in the junk pile," Leonard Hall, Nixon's campaign manager, told the press. "This one is going down to the wire."

The networks ignored Hall and listened to their computers. NBC predicted a landslide for Kennedy, but when the race got tighter, the network began backtracking. It called Ohio for Kennedy, then awarded it to Nixon. Later, both NBC and CBS predicted a Kennedy victory in California. That, too, proved wrong: Absentee ballots ultimately swung the state to Nixon.

http://www.washingtonpost.com/ac2/wp-dyn/A36425-2000Nov16?language=printer

Could you imagine what Daley could have done if he had these computing machines at the precinct level.

It doesn't take a computer scientist to figure that out. David Dill of Stanford put it simply: A man sits in the curtained poll booth. You go in and tell him who you want to vote for and he writes it down. Then you're supposed to trust that he recorded your vote as you intended?

That's what we have with computerized voting.

As far as Democrats winning back Congress this election, how is that any proof that all the code in all the electronic voting machines wasn't set to take 5% from the Democratic candidate and add 5% to the Republicans. Maybe enough Democrats got out and voted so that they overwhelmed the fix, unlike 2004. The Republicans won't make that mistake with the machines in 2008, so we better not stake our lives and our Democracy on trusting that it isn't so.

That's what you have with TOUCHSCREEN voting.

People here on DU are just lumping Touchscreen and Optiscan together like they are the same thing when they are not.

Optiscan uses a paper ballot that you manually mark with a pen and which can be counted by humans in a totally manual process if necessary.

TOUCHSCREEN is the problem, not Optiscan since it is a verifiable paper ballot.

Doug D.

Optiscan is a viable option in place of DREs, but because it uses the same code as the DREs, to be verifiable and transparent, it should only be used where there are automatic, random, independent audits of the paper that are monitored by citizens of all parties and at a level that is statistically significant enough to determine accuracy, which will depend on the state, how many precincts, etc etc.

Sounds like you're quoting my original post back to me ...

I'm all for that.

Doug D.

As was seen from the Ohio recount, there was manipulation and fraud involving all types of compilers in various counties in Ohio. See Richard Phillips thread on manipulation and fraud in the 2004 Ohio election.
and Green summaries of their audits of the various counties during the recount
I have a partial summary of their findings here: www.flcv.com/greenrc.html

also see the new North Carolina thread involving opti-scan compiler losing votes, undervotes
which was also seen in many areas in the 2004 election from the EIRS data.
compiler doesn't advance, some poll workers noticed it and checked the log in books against official votes when there observed such.


also there have been many incidents involving the smart cards,
see www.votersunite.org

of poor little Shawn Southworth at Ciber and as you said, "The CIBER people were simply given a check list of test specifications by the purchasing gov'ts which likely as not wasn't complete due to a lack of technical sophistication on the part of the purchasing SOEs and a lack of insight into the development process of the vendors." From my experience in getting information through Open Records Requests, it isn't the state governments/election officials who are giving Ciber the test specs, and that was part of the point of the so-called "ambush."

Which according to Southworth, the ITAs were testing what the vendors dictated and only what they dictated. That's independent testing? Have you ever tried to find out just who is Shawn Southworth? If you can produce a resume with his education and qualifications for the job he's doing, lots of people (myself included) would love to see it, since even something so basic as citizens wanting to know just what someone's qualifications are for a job are stonewalled. Maybe he's the most qualified person for the job in America, but again, no transparency.

And if the vendors are controlling what the "Independent" Testing Authorities test, and are paid by those vendors to do the testing, just exactly why are we to trust that the code that comes out comes out clean, if that is the code that actually ends up in the machines without being altered somewhere along its path? Or that the escrowed code is the code on the machines on election day. Diebold was said to have put unauthorized patches on the code in Georgia just before the 2002 election. Then there is the lawsuit by the SOS in California that Diebold lost because of uncertified software being put on their machines.

It's the SOE's responsibility to spec these machines in the contracts they let and it is the SOE, not the Vendor whose responsibility it is to assure that the products test to spec before accepting them. If the SOE's allowed this to happen - it's their own fault.

Of course the SOE's are often "technically challenged" shall we say and have relied upon the vendors for their testing rather than doing what is right.

It's STILl not CIBER's fault.

They got a contract- they performed the contract - they got paid.

It's the SOE's fault and the states Department of States that failed to properly get these machines tested.

Doug D.

system is flawed from the EAC & HAVA on down. And citizens are being asked to trust those systems and will continue to be asked to do so, amid assurances that our votes are being cast on secure, accurate and reliable systems ....because everyone along the line in the process says so, not because we can verify it ourselves.

The stakes are too high for us not to clearly understand that any possible hole can be and probably will be exploited. We're talking about billions of dollars that are the spoils of the victors of national elections.

I certainly do not dispute that these systems are flawed and need improvements. But there also seems to be a willingness to conflate optiscan voting with touchscreen voting, label them all bad and chunk everything out the window whether it is deservd or not.

I hoped to offer the DU readers a sober and technical view of this issue but have been fighting fires over it all day long...

Doug D.

kind of audits.

However, you did make assertions about previous elections not being stolen because the Dems won this time around. I don't think we have any evidence that supports that conclusion one way or the other. Not yet, but we're working on it. And that is a sore point with me, because we need the Democrats to get behind dumping the DREs (paperless and papered) . After all, they have been responsible for much of the installation of these nontransparent voting systems around the country and now that they have a little power, we need them to get a clue.

when the 2002 FEC Standards prohibit "self modifying, dynamically loaded or interpreted code" ?

occurred widely. He obviously has lots of technical experience, but I believe clearly has for some reason not
seen the degree of documentation of the widespread fraud, manipulation, dirty tricks, and switching that have been documented in recent elections by the large non-partisan election monitoring system, many of whose volunteers have as much technical knowldege of equipment issues as Douglas.

Florida had a huge amount of manipulation and dirty tricks in 2004 that swung hundreds of thousands of votes
www.flcv.com/fraudpat.html www.flcv.com/fla04EAS.html

similar for Ohio wwww.flcv.com/ohiosum.html

and other states www.flcv.com/summary.html

password, by the time I got back I couldn't edit it so started over- see below, sorry
dup of sorts

And if they do OCR at the precinct are they tabulating at the same time?

How do the optiscans detect which precinct a ballot is from for purposes of ballot rotation?

In OH in 2004, the punch cards did not have the precinct punched, it was printed on the ballot and it was extremely easy to mistabulate a ballot by tabulating as if it was from another precinct. Due to ballot rotation this resulted in the wrong candidate being assigned the votes. It also was extremely easy to overvote a stack of punch cards with an implement such as a darning needle.

For the most part OH had not spent the HAVA money as yet in '04 and there were lots of punch card counties.

and reading the threads on election problems here.

I agree with much you say but there is more to much of it than you appear to be aware of.
It doesn't appear that you've been active in election protection issues with people including the techies, who've been
following the widespread documented manipulation throughout the country, or to have been interacting with those who have.
I'm an advanced programmer and have some background similar to you but not a machine techie.

I was monitoring the Florida election in 2000 when Gore clearly won the election by a lot, except for having the election stolen by many mechanisms of manipulation. As you noted, there were many thousands of legal Dem voters who were purged to reduce the minority vote, and thousands who should have been registered under Florida motor voter law who weren't due to systematic bias, and other registration manipulations. All sorts of suppression of minority vote.
And as noted on the Gore won thread, the butterfly ballot was manipulated in ways that many weren't aware of in ways that cost Gore thousands of legal in Florida votes in both Duval and Palm Beach counties. Under the design voters were able to vote for Gore twice, and not only able but minorities were specifically provided "educational information" that encouraged them to do so. But the SOE then rejected thousands of legal in florida votes as part of a scam that was never exposed, even though officials were told by me and others the day after the election about the voters who voted for Gore twice.
In Florida the law is that if the intent of the Voter is clear, then its a legal vote. In these cases the intent was clear, but though this was known the votes were rejected on the pretext that that were "double votes" since the computer rejected them because 2 votes showed up in the Pres. race. This was clearly in contradiction to Florida law, as confirmed by the Major Media recount after the election. Which also confirmed that Gore would have won if all legal votes were counted and that hanging chads were not a sifnificant issue. I agree that the manipulation was not machine manipulation other than that its likely that the butterfly ballot design was intentional given the also wrong special instructions given to minority precincts and irregardless the compilers were used to reject votes that were known by many voters to be legal and this was never corrected. Likewise without all of the illegal purges and manipulations of minority registrations, and manipulation of thousands of absentee ballots, it appears Gore would have won by well over 50,000 votes.
As noted the Major Media recount after the election confirmed all of this and that in a fair election Gore would have won easily.

But while the manipulation of 2000 had less to do with machines, 2004 was a different situation. There was a huge effort by non-partisan election protection orgs to make sure that similar manipualtions as in 2000 didn't happen in 2004. But while they weren't successful in that goal, they were successful in generating huge data bases of irregularities reported to hotline numbers in all states. And in 2004 it was documented that there was a huge amount of purges, illegal dirty tricks, manipulation of absentees and provisionals and machine distribution,etc. that meant long lines and low official turnout in minority precincts- things like Douglas talked about, but in this one also huge amounts of votes swung by switching, "glitches", compiler manipulations, wireless patches of manufacturers to compilers during the election, manipulations of counting and compiling of almost all kinds of systems, etc. Most of these were documented by the massive EP efforts in Florida and Ohio and by the Ohio recount. But also in other states. Hundreds of thousands of votes were documented to be swung, and very strong evidence that the election was swung in 3 states.

Florida www.flcv.com/fraudpat.html www.flcv.com/fla04EAS.html
Ohio www.flcv.com/ohiosum.html
Other states www.flcv.com/summary.html
Students www.flcv.com/studentv.html
Glitches and "undervotes" www.votersunite.org

Jiacinto, formerly of DU and now on DailyKos, had an excellent rundown on the Florida congressional districts a few months ago. Ridiculous gerrymandered creativity. They appear to have formed an unusual percentage of 55-65% districts, in a balanced year. We damn near toppled some of them this time but wound up with only Mahoney and Klein. Minus Foley, it would have been just Klein. Obviously FL-13 appears to be another case of will-of-the-people probably denied.

So much to digest, and so many excellent points I've never seen brought up. I, too, thought the election workers were treated unfairly in the movie and that the music was emotionally manipulative toward suspense and drama. Otherwise, it was great. I would, however, say your opinion on the likelihood of vote hacking is less important than the people trusting election results. I think you'd agree, but it really should be stated explicitly. Everything you've said deserves consideration by everyone who cares.

The success of Democrats in '06 raises questions in my mind, too, about whether Diebols, ES&S, Triad, etc. are all working to support Republican interests. But then I remember the terrorist threat at the BoE in Warren Cty Ohio, impossible leaps in Bush votes, "glitches" that 99% of the time favored Bush, the intentional thwarting of the Ohio recount (including non-random selection of the 3% count you advocate and "cheat sheets" posted by Triad employees, deviation from exit polls.... Less evidence of fraud was found in Ukraine, and the world (inclu. USA) rejected that outcome at the same time we were clamoring for answers here. Why hasn't election raw data been released? Until some of that is answered, I can't accept that Bush was ever elected.
So why did 2006 work well for Dems? Did they try "the fix" and fail? Did they skew results less than they needed? Were they counting on their non-tech schemes to work better? (These seemed to be on hiatus, too.) Was there too much attention on fraud, andn they let this one slide. Is the Executive most important to them? Did they orchestrate anxious MSM stories about election security and throw this midterm in order to put the issue to bed in the minds of voters and legistlators? Was there never the capacity to fix elections?
Whatever the truth is, the results in 2006 prove nothing about 2004 and prior, IMHO.

I admit to being sort of flummoxed because the current Republican crew can't seem to stop itself from overreaching. If they have a venue available for theft, they generally use it. As Mark said in that presentation in Boston, they're suicidal. The only unknown is if they'll take themselves out first or take our democracy with them. :shrug:

On the other hand, they have been in disarray for some time. There are cracks between the 41 and 43 contingents as well as along the side of the fundies base not to mention the white supremacists who are mad because we haven't rounded up Mexican people.

There are also law suits pending, aren't there? The vendors may be weighing their liability more carefully today than they did even two years ago.

These conditions alone make fraud more difficult, imho.

Also, there were many more eyes on the election this year. We're not going to be caught flatfooted in the same way again.

I still don't feel like we have the whole 2006 picture, though.

We're not sure yet but it appears that we have multiple symptoms. That is, multiple aberrant behaviors by the UI of the DRE. We have reports from voters of different behaviors and if we take them at face value then we must have multiple causation. It is possible, though, that some of the voters have the behavior somewhat misstated and so they could resolve down to fewer aberrant behaviors than what we currently think.

Aberrant behavior that I've heard of:

1. House race (among others) did not appear in the main voting screens but did appear in the review screen.
   
2. House race appeared in the main voting screens but was positioned in such a way that it was easy to miss.
   
3. House race appeared in the main voting screen at the bottom of one screen and then fell over into the following screen. Jennings was on the second of the two screens in a small font and was therefore very easy to miss.
   
4. Voter touched to select Jennings but no selection for that race showed up when arriving at the review screen.
   
5. Voter touched to select Jennings but Buchanan selection showed up for that race when arriving at the review screen.

There could also be variations on the last two with regard to whether the selection showed up correctly on the main voting screen and then changed when arriving at the review screen or, alternatively, didn't show up correctly in the first place on the main voting screen. The voter may not have noticed how it showed up in the first place, although when I voted on the same model DRE here in Miami, a rectangular area that covered the entire width of the screen and was close to an inch tall was highlighted to indicate the selection on the main voting screen. If it's the same in Sarasota County then it would be hard to miss a selection for the wrong candidate showing up right away.

We really have to get into the details if we want to say anything meaningful about the cause(s). I hope we get a detailed step-by-step account of the audit when it occurs. In the meantime it sure would be nice to see the voter affidavits that have been collected. Does anyone know if they are available?

AND THE ELECTION OFFICIALS CAN'T............

and we have 75 votes that went from one town to another town 35 miles away...

THIS IS THE Newspaper REPORTING STORY ON WHAT WE WERE DOING HERE IN NJ OCEAN COUNTY!!

http://www.pressofatlanticcity.com/news/local/ocean/story/6937770p-6800676c.html

we just ran the machines again and the same count came up as election night..but the election board members can not explain in any way how 75 votes from Barnegat, NJ ended up in Lakewood,NJ voting machine totals!!

I know i was there for the court proceedures and the machines being opened and 4 tapes being run on each machine,.

and the eletion board officials said they have no idea ..none whatsoever how 75 votes from one township ended up in another towns voting machine tally ..35 miles away!!

and they said it must be the "glitch" (which is bullshit i say failure) ...occured in the software..

soooooooo switiching not only occurs in the machines , now the switches occur in townships 35 miles apart from each other!!!!!!!!


XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

PLEASE SCROLL DOWN TO ARTICLE :Final results on voting-machine tests: All good

THE BELOW ARE ALL ARTICLES ABOUT THIS VOTING MACHINE FAILURE !!

Miscounts spark recheck of voting machines
Problem is in software, county officials say

By MEREDITH KOLODNER Staff Writer, (609) 978-2015
http://www.pressofatlanticcity.com/news/local/ocean/story/6920381p-6783235c.html

Published: Friday, November 10, 2006
TOMS RIVER — A software problem that caused a miscount of votes in Barnegat Township and Lakewood will mean every voting machine in Ocean County will be rechecked for accuracy.
The votes registered at one voting machine in Barnegat's District 10 in Heritage Bay were counted twice due to a glitch in the vote tallying software, according to Election Board officials.

On Wednesday it was also discovered that the results from Barnegat's District 10 were added to the results of Lakewood's District 25 in all the races that appeared on both ballots, namely candidates for U.S. Senate, county sheriff and county freeholders.

County officials said they will ask the Superior Court on Monday for permission to recheck every vote in the 758 machines used Tuesday.




xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Judge delays recheck of county voting machines
Rules candidates weren't sent proper information

By MEREDITH KOLODNER Staff Writer, (609) 978-2015
Published: Tuesday, November 14, 2006

http://www.pressofatlanticcity.com/news/local/ocean/story/6931925p-6795048c.html

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Voting-machine recheck finds no new problems

By MEREDITH KOLODNER Staff Writer, (609) 978-2015
Published: Thursday, November 16, 2006
http://www.pressofatlanticcity.com/news/story/6937705p-6800676c.html

The county requested the recheck after votes at one of Barnegat's machines in District 10 were counted twice due to a glitch in the vote tallying software. It was also discovered that the results from Barnegat's District 10 were added to the results of Lakewood's District 25 in all the races that appeared on both ballots, those for U.S. Senate, county sheriff and county freeholders. District 25's votes will be rechecked on Thursday.

The county and the state believe that rechecking the machines will produce an accurate vote from Election Day, since the vote tallying software is not being used to read the results. Instead, paper read-outs from each machine from the recheck are being compared to read-outs from Election Day.

“I think the result in Barnegat makes it clear that the vote tallying software was wrong,” said George Gilmore, chairman of the Ocean County Board of Election. “The paper tally from District 10 (in Barnegat) is identical to the tally from Election Night.”

The Barnegat Democrats say they are focusing on the next step in the process.


xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ahhhhhhhhh how is it all good when we have software that is tallying our votes wrong and even in other towns???????? AND THE ELECTION BOARD STATES THEY HAVE NO IDEA HOW VOTES FROM ONE TOWN ENDED UP ON THE MACHINES OF A TOWN APPROX 35 MILES AWAY!!

http://www.pressofatlanticcity.com/news/story/6941169p-6803863c.html

Final results on voting-machine tests: All good

By MEREDITH KOLODNER Staff Writer, (609) 978-2015
Published: Friday, November 17, 2006

TOMS RIVER — Ocean County officials said Thursday that the results of a recheck of all 758 voting machines were identical to the results produced by the machines on Election Day.
“This shows that the discrepancies were in the vote-tallying software and that there were not problems with the machines,” said George Gilmore, chairman of the Ocean County Elections Board.

Officials asked for the recheck after it was discovered that votes from one machine in Barnegat Township were counted twice and votes from that machine for county, state and federal races were added to results from a machine in Lakewood.

The Elections Board will meet today to decide which provisional and absentee ballots are valid and will be included in the vote total. The board will then vote to certify the results of the Nov. 7 election.

Candidates have until Nov. 22 to ask for a recount, which would include rechecking the machines and recounting the absentee and provisional ballots.




xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Electronic Voting
Reason to worry

Published: Monday, November 6, 2006
http://www.pressofatlanticcity.com/opinion/editorials/story/6907758p-6771839c.html



FLY

is easy for those who would desire to do so. And surely there are some of those who would be willing to do it.
Manufacturer reps have virtually unlimited control of elections and compilation of votes in many areas, with little oversight or control, and lots of opportunity for manipulations.
Likewise many partisan officials have virtually unlimited oportunity for manipulation. With little transparency or checks and balances in place in most areas, it would be surprising if there weren't a lot of manipulation.

I will get to that, but first, this statement bears scrutiny:

Based on this <2006> election, I don't believe the vote was actually stolen in 2000
or 2004 using technical hacking means but rather through the Republican
party simply doing a better job of mechanically turning out their base
voters than the Democratic Party in combination with old fashioned voter
suppression through fear tactics

You base your major conclusion that there was most likely no fraud in 2000, 2002, and 2004 on the fact that the Democrats won big in 2006. This doesn't make sense on the face of it. "They would have done it this year" is not enough for a general conclusion about past years.

But let's play for a moment Rememeber that was incredible scrutiny of the 2006 elections and the vulnerabilities of electronic voting, with the California VSTAAB report (more on that below), the Brennan Center report, major security vulnerability widely publicized in May 2006, the Felten hack, Lou Dobbs's long series of stories on CNN, the Robert Kennedy, Jr. articles in Rolling Stone (in which a former Diebold insider states that Diebold's then-CEO Robert Unrosevich personally distributed uncertified patches in Georgia in 2002), and to top it off the weak before the election, the HBO special that is the subject of your post. Enough to scare even the reckless, most would admit.

What's more, if one wants to not get caught committing election fraud, one has to keep the fraud plausible. Expectations in the 2006 election were awfully lopsided, and too many victories for the GOP against the grain of every generic ballot poll, and the vast majority of named polls, would have poured a truckload of gasoline on the flames of suspicion that were already beginnning to burn quite nicely thanks to all of the reveleations described above.

Now to the second, weak, or I should say, simply incorrect argument:


That really stretches the term "hack".

All that was done was the opening and manipulation of a standard database
file (it appeared to simply be a Microsoft Access .mdb file) using some
simple SQL queries which did the obvious and expected thing - it altered the
stored records. It wasn't really much of an impressive "magic trick" to me
as a programmer.

Not mentioned in the documentary is that every file stored on your computer
has a time and date stamp and a file size and that every NTFS formatted hard
drive has a master file table (MFT) and journal logs that track file changes
on the hard drive. A simple SQL record change as demonstrated in the video
would be fairly easy to detect using common forensic techniques so I would
not be willing to describe the vote change demonstrated on SOE Sanchez'
computer using the SQL query as "untraceable".


Uh, that is apparently a reference to Harri Hursti's ability to get into GEMS, the county's Global Election Management System software. Hursti did do just that, on a mock school election, and admits that the hack was traceable.

That is not the hack that is the centerpiece of the documentary.

See the state of California's Voting System Technoology Assessment Advisory Board's analysis, "Security Analysis of the Dibeold AccuBasic Interpreter"

www.ss.ca.gov/elections/voting_systems/security_analysis_of_the_diebold_accubasic_interpreter.pdf

The report validates the feasibility of untraceably altering vote totals by putting malicious code onto the memory card, as Hursti does in the film. The hack shown in the film is commonly called "the Hursti hack," or "Hursti 1."

The report states:

Memory card attacks are a real threat: We determined that anyone who has access to a
memory card of the AV-OS, and can tamper it (i.e. modify its contents), and can have
the modied cards used in a voting machine during election, can indeed modify the election
results from that machine in a number of ways. The fact that the the results are incorrect
cannot be detected except by a recount of the original paper ballots.

Harri Hursti's attack does work: Mr. Hursti's attack on the AV-OS is denitely real. He was
indeed able to change the election results by doing nothing more than modifying the contents
of a memory card. He needed no passwords, no cryptographic keys, and no access to any
other part of the voting system, including the GEMS election management server.

Interpreter bugs lead to another, more dangerous family of vulnerabilities: However, there is
another category of more serious vulnerabilities we discovered that go well beyond what Mr.
Hursti demonstrated, and yet require no more access to the voting system than he had. These
vulnerabilities are consequences of bugs|16 in all|in the implementation of the AccuBasic
interpreter for the AV-OS. These bugs would have no eect at all in the absence of deliberate
tampering, and would not be discovered by any amount of functionality testing; but they
could allow an attacker to completely control the behavior of the AV-OS. An attacker could
change vote totals, modify reports, change the names of candidates, change the races being
voted on, or insert his own code into the running rmware of the machine.

Successful attacks can only be detected by examining the paper ballots: There would be no
way to know that any of these attacks occurred; the canvass procedure would not detect any
anomalies, and would just produce incorrect results. The only way to detect and correct the
problem would be by recount of the original paper ballots, e.g. during the 1 percent manual
recount.

Page 30 of the report discusses how the "checksum" could be manipulated.

The VSTAAB members include David Jefferson of the Lawrence Livermore National Laboratory, who was one of the members of the California panel shown grilling a Diebold exec in the film. This stuff is admittedly, above my head, but the hack shown in the film has been validated by people with as much expertise, or more, as anyone in the field.

As for the possibibility of forensic discovery of the hack, I think this quote from page 13 of the VSTAAB report:

The attack could erase all traces of the attack to prevent anyone from detecting the attack after the fact. For instance, once the attack code has gained control, it could overwrite
the malicious AccuBasic object code (.abo le) stored on the memory card with legitimate
AccuBasic object code, so that no amount of subsequent forensic investigation will uncover
any evidence of the compromise.