Reply #2: Diebold Demands Removal of Memos - Press copy [View All]

Diebold Demands Removal of Memos - Press copy

Meanwhile, many Americans have decided to revisit the Boston Tea Party. Over 500 voting activists are now in possession of the Diebold memos, on three continents, and they are distributing them as fast as they can. "Think of it like a really patriotic chain letter," says one activist.

Honoring democracy: The BlackBoxVoting.org host has so far refused to honor Diebold's demand.

See the Diebold letter: http://www.blackboxvoting.org/diebold-memos-1.htm

Visit forum for BlackBoxVoting.org web host lawyer's reply to Diebold http://www.blackboxvoting.org/blackboxvotingcgi/dcforum/dcboard.cgi?az=list&forum=DCForumID25&conf=DCConfID1

In the memos, dated Oct. 2001, Diebold's own principal engineer Ken Clark concedes that it is a simple matter to do an "end run" around the Diebold "GEMS" voting software, used for both touch screens and the lower tech optical scan machines, and goes on to say that people have used this "back door" in elections.

CLARK: "Right now you can open GEMS' .mdb file with MS-Access, and alter its contents. That includes the audit log. This isn't anything new."

Diebold admits that the memos are authentic, and claims copyright protection.

CLARK: "Being able to end-run the database has admittedly got people out of a bind though. Jane (I think it was Jane) did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before."

Diebold's own memos authenticate the security flaw I wrote about on July 8, 2003 (http://www.blackboxvoting.org/access-diebold.htm).

In contrast to their rebuttal to the Hopkins/Rice report, Diebold has never denied that I reviewed actual, working, certified versions of its software which are used in real elections, and they have never contended that my analysis is wrong. Clark's memo shows why: The tamperability was well known by senior programmers at Diebold, and had been in place for 10 years.

The memos also show that Metamor (now Ciber), the Independent Testing Authority (ITA) entrusted with testing voting machine software, called attention to the security flaw in Oct. 2001:

NEL FINBERG: "Jennifer Price at Metamor (about to be Ciber) has indicated that she can access the GEMS Access database and alter the Audit log without entering a password. What is the position of our development staff on this issue? Can we justify this?"

Principal engineer Clark acknowledges the security weakness and replies:

CLARK: "if you don't bring this up you might skate through Metamor."

He goes on to say:

CLARK: "Bottom line on Metamor is to find out what it is going to take to make them happy."

Metamor agrees to overlook the flaw.

FINBERG: "For now Metamor accepts the requirement to restrict the server password to authorized staff in the jurisdiction, and that it should be the responsibility of the jurisdiction to restrict knowledge of this password. So no action is necessary in this matter, at this time."

Finberg's response says the software has been approved because the user of the software will have a password. However, I showed in the same July 8 report that the GEMS password can be overwritten in five minutes by any 14-year old.

This leaves only the Windows NT security which is altogether outside the Diebold voting system. Unfortunately, other memos indicate that the less secure Windows XP system is now being installed, moving away from a previous requirement for Windows NT, which had at least some built-in security.

The Diebold memos also demonstrate that the company made fraudulent claims to the state of Georgia when selling its system.

Georgia voting machine R.F.P. March 2002: IV. PHASE I, DIEBOLD TECHNICAL PROPOSAL:] "Generated entries on the audit log cannot be terminated or interfered with by program control or by human intervention."

R.F.P. March 2002: IV. PHASE I, TECHNICAL PROPOSAL: "Beyond the standard array of Windows NT-based layered and encrypted security, GEMS application provides all the security measures necessary for complete system security."

Principal engineer Ken Clark also notes that the security flaw has been in place for at least a decade:

CLARK: "This isn't anything new. In VTS, you can open the database with progress and do the same This is all about Florida, and we have had VTS certified in Florida under the status quo for nearly ten years."

=================================

BlackBoxVoting.org contends that they have the right to publish the memos, which were given to them by a Diebold employee, and that this right supercedes Diebold's right to copyright protection because:

1) The Ken Clark memo demonstrates intent to break the law. The flaw violates both FEC standards and most state statutes. In California, for example, it is against the law to sell a voting system that is not tamper-resistant.

2) The publication of the memos serves an overriding public interest.

3) Other memos provide additional evidence of failure to follow the law, and reveal new security flaws. Specifically:

- At least two sets of memos discuss using cell phones to intercept and transmit vote data

- PERHAPS MOST IMPORTANT OF ALL: The memos document that Diebold has been using changed versions of software in elections, versions that were never submitted for certification at all. What this means is that none of the testing and certification protections apply, and no one, not the ITA, the secretary of state, or any election official (or, according to the memos, even Diebold's own tech support staff) have any idea at all what is contained in the lines of code in those uncertified programs.

What this means is that only three people in the world know what's in the Diebold software code used to run several elections, particularly in California. Two of these individuals are Canadian and one is a Russian living in Canada. Their names: Ken Clark, Talbot Iredale (a stockholder), and Dmitry Papushin.

I have provided a CD containing the memos to my congressman; at least two other members of congress in other states were also given the memos. A "rig-a-vote" CD from California activist Jim March containing step by step instructions with bona fide Diebold software showing how to change the audit log, overwrite the password, and change the votes during the midst of an election.

Over 500 activists in the USA, Canada, Europe and the South Pacific now have the Diebold memos.

- Diebold software is easy to tamper, according to Diebold's own principal engineer

- Diebold has been using untested, uncertified software in elections

- Diebold has been experimenting with insecure and unauthorized remote communications, including use of cell phones to intercept and transfer vote data during real elections.

- Diebold has submitted sales literature that misrepresents its system.

For complete set of memos, contact any voting activist to ask for directions to the next stop on the Diebold "Underground Railroad."