Dori Smith of TalkNationRadio.org provides a report on Connecticut issues at Brad Blog. A summary of her excellent broadcasts this fall, along with the issues raised for Connecticut by memory card problems with the Diebold Premier AccuVote-OS optical scanners in Florida.
Diebold Optical-Scan Failures Reported in Florida May be Affecting Connecticut As Well <read>
This week’s TalkNationRadio by Dori Smith, Raindrops Keep falling on Connecticut’s Diebold Voting Machines: <read and listen>
Interviews with Connecticut Registrars, Deputy Secretary of State Lesley Mara, and True Vote Connecticut member George Barnett. Coverage of the November 6th election and the problems with wet ballots.
Former corporate auditor George Barnett:
‘In 2006 twenty eight of the 550 recounts from seventeen districts there were differences of ten votes or more between the machine counts and the hand counts. In 19 of those of those 28 recounts the machines recorded a higher votes than the hand counts. Now, after these audits the Secretary of State put out a press release saying the optical scan machines performed very well on election day without any problems and that any changes in vote totals found in these audits were due to ballots being marked incorrectly by the voter–not to any problems with the optical scan machine.
So if 19 recounts the machine count was higher than the hand recount during the audit, that contradicts that statement. And I personally reviewed an audit in Monroe where the machine had a higher count than the hand recount and I talked to the Registrars there and they never spoke to the Secretary of State. So it seems like the Secretary of the State made this statement without basing it on fact. She did not look into any of these differences.
Barnett has also written about these issues at CTVotersCount <here> and <here>.
A six minute report form Cuyahoga Ohio covering Diebold and the California reports.
A recommended short introduction to the issues! <UTUBE Video>
Its almost as if you give someone your keys and yet they are able to hotwire your car faster than putting the key in the ignition – Candice Hoke
Susan Bysiewicz held a press conference to symbolically trash a lever voting machine and raise voter confidence in the implementation of our new voting machines. We applaud her formal announcement of the testing of memory cards by UConn, however, we beg to disagree with the lack of concern for the programming of the memory cards <read>:
LHS has nothing to do with our elections except that they program the memory cards,†Bysiewicz said.
While basically accurate that is far from reassuring – the memory cards have EVERYTHING to do with our elections. If the memory cards are corrupted, democracy is lost, all our efforts to vote, the time and expense of running elections, the time and expense candidates and their supporters put in is in vein. Sort of like saying the Fox has nothing to do with the chickens except that we send the chickens to Massachusetts to the Fox house for a little vacation.
Update: Continue reading “Bysiewicz Trashes Levers – Minimizes Vulnerabilities”
Secretary Bysiewicz is taking steps to improve security and procedures with our voting machines. More seals and testing of spare memory cards for most districts by UConn. Yet, the procedures must be clear to election staff and followed unfailingly — a huge challenge when changing so many locations at once, with 169 municipalities with dedicated but predominately very part time election staff. CTVotersCount readers know that the audits remain insufficient to detect errors and deter fraud.
Dori Smith of TalkNationRadio.org covers her investigation of procedures not being followed in 2006, the risks of outsourcing election programming and management, along with potential problems posed by new and conflicting procedures <read>.
Are Connecticut’s new electronic voting machines safe from fraud? A year-long Talk Nation Radio investigation found serious security problems when the machines were first used in some Connecticut towns during the 2006 election. There was chaos at the polls during the 2nd District recount and LHS staff members were refusing to follow the voting machine security protocols drafted by Secretary of the State Susan Bysiewicz under Chapter 9 of Connecticut law. The 2006 protocols were rushed through, and a year later the state’s new protocols were hastily constructed and are still being updated for the public with the Nov. 6 election right around the corner.
Memory cards have been failing in Florida on AccuVote-OS scanners. Diebold won’t release the actual data claiming it is proprietary. Also attempts to blame the customer for the problem. BradBlog has the story. <read>
The resulting reports, from 17 of the 27 counties, show two counties with over 9 percent memory card failure rate and some counties with zero. The average failure rate is 2.8 percent; nearly three times what Diebold/Premier is admitting publicly.
Datona Beach News-Journal:
Diebold officials said the 4.4 percent error rate in Volusia was unusual, that the average was about 1 percent. The company conducted a survey of 27 Florida counties that use its machines but refused to release the results, calling them “proprietary business information.
The company offered several explanations for the damage, including improper cleaning, foreign objects and improper memory card removal or insertion,
Update: More from Brad Blog <read>
Nonetheless, some very good stuff here. Of particular note, are the points from Diebold’s recommendations which “appear to border on the absurd,” that should voting machine memory cards be lost, “elections must be re-scheduled.” Or if they fail, as our recent story concerning Diebold’s admissions about memory card failures in Florida pointed towards, the company says “all voters will have to be called in to re-vote.”
Update 11/12: Some responses from Diebold/Premier <read>
The Secretary of the State’s Office has taken action to reduce the chance of tampering with voting machines in Connecticut by requiring three additional tamper evident seals added to the Diebold AccuVote-OS optical scanners. The problem was outlined in a recent FAQ at CTVotersCount.org – the canvass bag and plastic seal are vulnerable, while the memory card seal can be bypassed by four screws on the bottom of the AccuVote-OS. In addition advocates complained that the parallel port had not been disabled as recommend by UConn.
Two seals will be placed over the ports of the AccuVote-OS, while another placed on the side to indicate that the optical-scanner was opened by the screws.
Hats off to the Office of the Secretary of the State for swift action to address these concerns. While we doubt these seals are a perfect solution or that there is one, they are an added layer of protection, and appear somewhat more difficult to defeat than the canvas and plastic seals.
In August, the Secretary of the State of California decertified electronic voting equipment from Diebold, ES&S, and Sequoia. Her action was based on the Top-To-Bottom Review, which consisted of four reports on each vendor. Two of those reports, Documentation and Source Code were not released at the time. On October 5th, I highlited the Documentation Review. Today, I highlight the Source Code Review.
A Source Code Review sounds like and is a very techinical topic. However, this report is very educational and easy to read. Read the Executive Summary, read the Introduction, and more. I don’t expect everyone to read it completely, but please start and see if you agree that it is accessible and articulate. I cannot add to the report, however, I can provide some highlights and encourage you to go farther <the report>
From the executive summary:
Our analysis shows that the technological controls in the Diebold software do not provide sufficient security to guarantee a trustworthy election. The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit. These vulnerabilities include:
- Vulnerability to malicious software…
- Susceptibility to viruses…
- Vulnerability to malicious insiders…
Although we present several unpublished vulnerabilities, many of the weaknesses that we describe were first identified in previous studies…
we conclude tht the safest way to repair the Diebold system is to reengineer it so that it is secure by design.
Continue reading “Diebold Source Code – CA Top-To-Bottom Review”
Update 10/28: The Secretary of the State’s Office has taken action to mitigate these concerns by requiring three additional tamper evident seals to indicate when the case has been open and to protect the ports. <read the details> Our democracy hangs, literally, by a vulnerable plastic thread – that can be compromised with a few … Continue reading “FAQ – How can the scanner be hacked? It is kept in a canvas bag protected by a tamper-evident seal!”
Update 10/28: The Secretary of the State’s Office has taken action to mitigate these concerns by requiring three additional tamper evident seals to indicate when the case has been open and to protect the ports. <read the details>
Our democracy hangs, literally, by a vulnerable plastic thread – that can be compromised with a few $, in a few seconds.
Background: The recent story in New Britain started curiosity for information on the actual security of the canvas bag and the tamper-evident seal that are required to protect the AccuVote-OS optical scanners in Connecticut. By fortunate coincidence I had just started reading the CA Top-To-Bottom Source Code Review of the Diebold Voting System which also led to an article, Tamper-Indicting Seals in American Scientist by Roger G. Johnson, head of the Vulnerability Assessment Team at Los Alamos National Laboratory. (I will post a review of the CA Source Code Review in the near future)
Even though there is a tamper-evident seal over the memory card in the optical scanner, that alone would be insufficient to protect the memory card from unauthorized changes for two reasons: 1) Despite the recommendations of the University of Connecticut, the parallel port remains operational and exposed to provide access to compromise the scanner’s software and/or the memory card. 2) Four screws can be removed to provide access to the memory card and other parts for alteration/replacement without without disturbing the seal. The employed solution is a canvass bag matched with a tamper-evident seal enclosing the entire optical scanner.
Bev Harris of BlackBoxVoting.org has posted a stimulating discussion of the election in Bridgeport and our vulnerabilities. Not the kind of national publicity we should be proud of in the Constitution State: <read>
Bev alleges no known illegalities or incorrect vote counts, but points to the vulnerabilities of our custody procedures, the sealing of our voting machines, the inadequacy or irrelevance of the inner seal, and some questions specific to Bridgeport. Whoever won or should have won, the Bridgeport mayoral primary demonstrates several vulnerabilities which do not instill confidence.
Whoever won or should have won, the procedures in Bridgeport mayoral primary have left plenty of room for fraud…
In other words, this is a “Trust Me” elections model where you are trusting private contractors…
Despite a lot of hoopla about security procedures and special testing of memory cards and seals, we received citizen reports of at least one midday voting machine replacement. This, in a location where only 270 votes separated candidates. One or two polling places was enough to do the trick…
I have not seen the seal on the canvas tote bag, but that is actually the only seal that matters (if it even matters; I have a little experiment in mind…). The seal on the voting machine itself is a sham…
By the way, the legal term for racketeering, the charge brought against our friend the Bridgeport mayor, is “conspiracy.” Next time someone calls you a conspiracy theorist, consider saying, “Well yes, in the RICO sense, I suppose I am.”
Bev was the featured guest on Voice of The Voters last night in Pennsylvania. Two of the three callers were from Connecticut, including yours truly. I briefly discussed the recent audits. She pointed out that in her opinion that audits are not really public unless we actually see the ballots as they are being counted. Food for thought.