Friends


The Agonist
Media Matters
AmericaBlog
Atrios
Bérubé
Daily Kos
Booman Tribune
Juan Cole
Joe Conason
Counterpunch
Crooked Timber
Daily Howler
Brad DeLong
Digby
Dohiyi Mir
Making Light
Democratic Strategist
Fafblog
Fire Dog Lake
First Draft
Kicking Ass
Lean Left
Left Coaster
Liberal Oasis
MyDD
NDN Blog
Off the Kuff
Oliver Willis
Pandagon
P.M. Carpenter
Political Wire
Politics 1
Seeing the Forest
Skippy
Talk Left
Talking Points Memo
Tapped
Tom Tomorrow
Wolcott
Wonkette
WTF is it Now?
Yglesias

Voting-machines tested, report up on CALIF Secy of State website Email Print

By joan reports
11/28/2005 03:55:20 PM EST

                                    [ --- cross-posted at  dailykos  and  boomantribune --- ]

     California's secretary of state Bruce McPherson is all set to re-certify the Diebold touchscreen TSx that he barred from use a few months ago.

On the state's website, you can see the report of the consultant McPherson hired, dated November 11, that concludes Diebold's submission (as revised) now "meets current standards for use in California" —  with a couple of "caveats."


Are you ready for this?

Read up on these "caveats," below.  Diebold is under a court order from a Calif. court to upgrade the security of its system after the plaintiffs (Bev Harris and computer programmer Jim March) successfully sued to shine a light on all the naked, inviting vulnerabilites of  its trademark voting machines.

The Sec'y of state's consultant [Steven V. Freeman] notes that the court order requires what he calls a "Windows secure setup" (page 1 of his report).

"When we tested the use of GEMS under this [updated] configuration, all changes worked effectively except the stopping of Remote Access Connection Manager and Telephony.

Investigating, we determined that the Microsoft default startup was restarting these automatically and a script to edit the Windows Registry was needed to terminate the automatic start."      --   page 6, item 9


What this means.   So AFTER Diebold reconfigured startup to what the consultant expected should now be a "Windows secure setup" (page 1,  PDF),  it still has in there capable (default) external connectivity available to   Remote access Connection Manager  and Telephony capability — a surprise to the consultant who was checking that this kind of external connectivity was by now precluded from the default startup.  

The re-testing was performed Sept. 26-29, 2005 in San Diego at the Bahai Hotel. It involved "volume testing" of vote casting with 10,000 test ballots entered at numerous touchscreen voting machines.


Here's the second problem.   The consultant confirmed blackboxvoting.org's earlier disclosure that an unvalidated, untested reporting file can be loaded with unknown effects on the vote results reporting:

The reporting files in question are known as AccuBasic or .abo files, which are coded in a programming language specific to Diebold.  24 of these reporting files are available to be selected from a pulldown menu — but the consultant and the independent testing lab authorities ("ITAs") did not access or test 23 of the 24 files.


  — As an aside, the ITAs are not truly "independent" of the vendors ES&S, Hart Intercivic, Sequoia, or Diebold because it is those firms that are the ITAs' clients; the firms are the ones that pay the fee to the ITA to run the test, not any government agency.


The consultant writes that the testing lab validated only one of 24 reporting files.  The consultant explains the risk of the other, unverified reporting files  (sections below):   --->

skip detail, go directly to 'what does it mean?'
[Freeman was given only the file named 195US.abo (with its source code) to test.  23 report files that can be substituted in its place are uninspected and not in the public domain.

The stated purpose of the multiple-files option is to give different reporting/formatting capabilities to each county.]


"The ITA  ... only tested with 195US.abo. The remaining 23 Report files installed with GEMS 1.18.24 have not been validated for use."    (page 1)    

He has a hopeful result from the one of 24 made available:      "The .abo file (I was) given is without risk to the election results."     (page 7)  


           WHAT DOES IT MEAN?

"The actual file used is selected in the AV-OS Options window of GEMS from the pulldown list . . .  so the local user could potentially select any of these files or a modification of that file. The risk occurs in the opportunity to replace the verified file with some other .abo file (prior version, one of the other existing versions installed in the GEMS/ABASIC directory, or by replacing the current code with rewritten code performing other operations.) "    -- page 7
                The entire paragraph is the consultant's vertabim quote, including the parenthetical text.   (Emphasis or underscoring, however, was not in the original.)

The consultant returns to the issue of substitutable report files (which one of the files might actually be executed) in his Appendix, page 12  [PDF], bottom of page.  


Freeman does write the user can try inspecting or checking the text of the source file that is executed. Such an inspection will not provide much assurance apparently   --->  "This will not necessarily catch a modified file.   A stronger test . . .(to have a 'hash program' to run that would generate hash values) "   would be needed, Freeman suggests.  (paraphrasing in parentheses)


Note that in an election in a locale using Diebold equipment, activity to count and report the votes is done on the "GEMS" server (GEMS= Global Election Management System). Note also, DREs means touchscreen "Direct Recording Electronic."

--------------------

In Freeman's appendix, you can see that certain fixes and upgrades were tested only on a single machine, serial no. s/n 203203.  GEMS consolidating (of vote totals) and GEMS reporting capabilities also were tested only on a single machine, s/n 212918.

Apart from vote tallying/accumulation, one requested fix was tested on the selected s/n 203203, instead of the fuller set of volume-testing machines.  That's the supposed fix to correction "the slide contact problem".

The report gives a glimpse of errors possible in previous elections using Diebold touchscreens that are supposed to get fixed now in this particular version of the TSx:

         page 7, item 12.

"Slide contact.  A test we use on touch screen devices is to slide the finger into the vote target area. In the earlier (July) testing, we encountered system errors requiring the system to be reset or rebooted. None of the incidents resulted in a loss of integrity of the vote but the incidents were occurring frequently enough to cause concern.

DESI discovered that, when the voter slide their finger in the final cast ballot action, the slide was not handled correctly and the DRE would complete the vote cast but not clear the system for the next voter. This problem and some similar problems were detected and corrected for this version."

         DESI = Diebold Election Systems Inc.    

See the "Change Test" listed as item #2 on page 15, 'Regression and Change Test' section.

        "three DREs were pulled and additional test ballots run to check problems, changes,
or features that were not used or observed in the volume test.   One of the DREs (S/N 203637) was
set up with a prior version of the ballot station software to show and verify actions that resulted in problems in that version, a second DRE (S/N 203203) was used which duplicated the voter actions on the first but using the ballot station version which was being tested for certification. The third DRE (S/N 212998) was used to perform actions involving checking memory cards, resolving provisional ballots, recovering ballot images, consolidating results from multiple DREs in a single polling place or vote center into a single combined total for upload, and using a master DRE to upload results from other DREs."  

Item 2(c) and (e) on pg 15 give fixes tested and checks done only on 1 machine, #203203:

c. "Sliding finger/multiple touches on various 'buttons' and areas of the voting screens. (This test has been done before but was important in this case as it was discovered after the July volume test that a tester sliding the finger into the button area was causing a number of system errors requiring the DRE to be rebooted.)"

e. "Basic navigation to go forward, back, access summary screen directly, change previously
voted candidates to alternate candidates (the voter correcting a misplaced vote), undervoting races."

Note, perhaps these slide-contact problems observed in the July volume test can shed light on problems observed in other states too, such as Ohio in 2005.

"One problem discovered Tuesday: Some machines began registering votes for the wrong item when voters touched the screen correctly. Those machines had lost their calibration during shipping or installation and had to be recalibrated, Harsman said, a process that could be done on site, but which no poll workers had done before."    --   Montgomery County, Ohio
          -- per the Dayton Daily News Nov. 10, 2005 (last paragraph of the article)  Montgomery Cty, Ohio, uses the Diebold Accuvote TSx    [see handy county map of new technology]

 ------------------
Back to Calif. now  ---

         " . . .uploads were made to test consolidation and final reporting using GEMS. The uploads during the volume tests used only a subset of the DREs and specifically included the units which were used to run specific test procedures."


Diebold also gave the SoS its "Proposed CA System Use Procedures for Review and Comment,"   dated Nov. 14, [PDF] (69 pp.), specifically for its now-barred TSx (Touch Screen) Model R7.

Of interest:

3.4    Software and firmware upgrades

....   patches and upgrades should be downloaded from a separate computer, transferred by CD and also verified with DESI prior to installation.

 This may or may not be a problem.  It depends on whether the patch has been inspected, tested, certified and whether it is logged and installed uniformly across all jurisdictions (unlike Georgia 2002, another patch story entirely!).

8.6.   1% Manual recount procedures

For the purpose of validating the accuracy of the computer count, within fifteen days after
every election at which the AccuVote-TSx system is used, a public manual tally of the ballots
cast in at least one percent of the precincts, chosen at random, shall be conducted ....

Security of GEMS server

[Election officials shall] ... submit a statement to the Secretary of State that no
"DAO capable" program has been installed or resides on GEMS server.
DAO programs include but are not limited to MS EXCEL, MS ACCESS, and other Visual Basic programs designed to work with Direct Access Objects.

Note that a security re-assessment done for the state of Ohio found that a tester successfully   "copied the GEMS database to a USB drive and moved it to a laptop containing MS Access. Changes were made to add votes for one candidate. The databasewas copied back over to the original GEMS server. The changes were reflected in the Election Summary ...." A 2nd successful writeover was accomplished using Visual Basic instead of Access. A 3rd attempt to just run through the firewall was not successful. Ohio is trying to remedy this with a product lock on the GEMS database called "Digital Guardian" made by Verdasys.  Digital Guardian added substantial protection, unless it was run in "safe mode," whereby it was circumvented through multiple conduits.  On the last day of testing Verdasys gave a patch to the testers to deal with the safe mode ("Verdasys acknowledged that Compuware had identified a bug in the Digital Guardian software").

The testing company for Ohio, Compuware, assessed "there is a risk that an unauthorized person with access to the GEMS server can access the database and change ballot definition files and/or election results. [document page 17] The "risk likelihood" is "HIGH."  The "impact rating" on election integrity of such a compromise is "HIGH."  [ Alternate link to original PDF file, here.

Adding a "Digital Guardian" lock to California is not a simple matter:  "Implementation of this [Digital Guardian] technology is very complex and requires expertise that each individual county cannot be expected to provide."

Note also that in June blackboxvoting.org (Bev Harris and Jim March) requested a legally permitted (CALIF Election Code 19202) inspection and go at its machines, as they peformed in Leon County Fla with programmers Harri Hursti and Herbert Thompson.  The Sec'y of State has not yet permitted a test of any randomly selected machine used in the 2004 elections for example.  Negotiations are underway to run this test.


KEYWORDS: ,

Sign up for a Complimentary Member Account... Join the community! It's fast. And it'll allow you to take advantage of all this site's great features!

< A Proposal for the Progressive Blogosphere | Why You Don't Plan NE Blogger Conventions In Winter (MA Blog Conference Tomorrow!) >
 Display:
Voting-machines tested, report up on CALIF Secy of State website | 22 comments (22 topical, editorial, 0 hidden)
Scary stuff (5.00 / 3)
I'm one of those people who is firmly in the 'things look kind of shady, but I don't know enough to make accusations' camp. However, the fact that there are such obvious questions as these, and the fact that the people in charge of this whole election operation seem to be so reticent to provide open cooperation is not encouraging. It's even less encouraging when the same machines keep coming up wiht questionable results, yet they keep being used. And it's even less encouraging that the officials that are promting this all seem to Republicans. Because we all know how much the party of Tom Delay is known for its integrity.

Motive? Means? Opportunity? - The circumstantial case is coming together. However, it does seem that it would be impossibly difficult to keep a secret such as this. One would think a whistleblower would come forward.

Then again, if there are people out there who have no problem rigging elections, then I highly doubt that their conscience pangs too hard over such an affront to democracy.

If you don't understand someone, consider that the shortcoming may not lie with that person, but rather with your own understanding.

by Aethern on 11/28/2005 04:49:56 PM EST

Whistleblowers have come forward. (5.00 / 7)
The press doesn't dig.  They forget about the issue, if there's no "proof" of tampering.

In electronic tabulators and memory cards, the proof will never be visible.  It's the old "catch-22."

The big problems is that elections officials are no longer responsible for physically validating and counting votes cast in precincts, unless a recount challenge or an obvious anomaly lands at their doorstep.

But there have been whistleblowers.  Bradblog and blackboxvoting.org have reported on it.  

by joan reports on 11/28/2005 05:34:28 PM EST

[ Parent ]
Thanks for this Joan (none / 0)
:)

by Jesus on 11/28/2005 10:10:29 PM EST

[ Parent ]
What do you think (none / 1)
about getting an interview with Bev Harris on this revoltin' development?

Political Cortex -- Brain Food for the Body Politic

by Tom Ball on 11/28/2005 10:12:02 PM EST

[ Parent ]
I've done (5.00 / 3)
systems testing in the past (Though not voting machines/software) and I understand that the results, though often acceptable by traditional industry standards, can still appear shockingly... uh... 'murkey' to a layperson.

That said, this entry says it all:

"The testing company for Ohio, Compuware, assessed "there is a risk that an unauthorized person with access to the GEMS server can access the database and change ballot definition files and/or election results. [document page 17] The "risk likelihood" is "HIGH."  The "impact rating" on election integrity of such a compromise is "HIGH."

Dear God. I would hate to think that meets the "industry standard" for our nation's electoral standard.

Great work Joan!

Political Cortex -- Brain Food for the Body Politic

by Tom Ball on 11/28/2005 09:47:56 PM EST

You're right, that's the sum of it all. (none / 0)
Thanks for pointing that out, because someone on another blog asked me to make a shorter summary.  The excerpt you pulled right there will help to make it.

by joan reports on 11/29/2005 12:27:03 AM EST

[ Parent ]
Diebold Loses Case in North Carolina (none / 1)
Just in from EFF:

November 28, 2005

EFF Convinces North Carolina Judge To Throw Out Diebold E-Voting Case

E-Voting Company Forced to Comply with Election Transparency Laws

Raleigh, North Carolina - Responding to arguments made by the Electronic Frontier Foundation (EFF), a North Carolina judge today told Diebold Election Systems that the e-voting company must comply with tough North Carolina election law and dismissed the company's case seeking broad exemptions from the law. [EFF Breaking News, 11/28/05]

Via Politech (Declan McCullagh's site).  Cross-posted to the Nerve Center.

by rba on 11/29/2005 12:31:46 AM EST

[ Parent ]
I know this is NOT the case, (none / 1)
but you would think that if there was ANYTHING that deserved federal oversight, it would be  our antional electoral standards -- transparency, audit trail, user-friendlines, whatever.

All this state by state BS simply highlights the ridiculous nature of what's going on here.

Political Cortex -- Brain Food for the Body Politic

by Tom Ball on 11/29/2005 09:53:55 AM EST

[ Parent ]
Oops (none / 0)
obviously that should be our "National Electoral Standards".

Political Cortex -- Brain Food for the Body Politic

by Tom Ball on 11/29/2005 09:55:26 AM EST

[ Parent ]
Paper Trail? (5.00 / 2)
I didn't see anything here about paper ballots. Did I just miss something or are they abandoning paper trails along with Democracy?

by Embolden on 11/28/2005 09:52:31 PM EST

This machine configured for California (none / 1)
creates a "paper trail" output from the touchscreen that gets printed onto a roll of paper when the person votes.  Once that's done, however, it would take a very cumbersome, time-consuming manual process to extract from the roll a count – or even a partial 1% recount.

Op-scan paper ballots, on the other hand, can be read 2 ways:  (1) by machine and (2) manually to verify the machine method.

So the paper "trail" isn't gone; it's just implemented really badly by this method.

by joan reports on 11/29/2005 12:35:27 AM EST

[ Parent ]
In other words, (none / 1)
it's effectively gone except in the most eggregious circumstances -- which almost never happen.

The idea would be to make the audit/recount as EASY as possible. Thus, any test of our democracy can be dealt with swiftly, automatically and without interjection by the supreme court.

Tinfoil hats be damned. These people just make it so difficult to give them the benefit of the doubt (which, by the way, is something that should not be given when it comes to the integrity of our elections)

Political Cortex -- Brain Food for the Body Politic

by Tom Ball on 11/29/2005 09:59:37 AM EST

[ Parent ]
Blame Canada? (5.00 / 3)
One definitive sign that a country is in trouble is when there is mounting and valid concern about the facilitation of its elections. As states scramble to install controversial electronic voting machines, its reasonable to say that now we're in trouble. If the Canadians can use paper ballots in their presidential election and count their votes in four hours, why are we having such a difficult time counting and deciding how to count our votes in the United States? When did this become so hard for us to do?

by Captain Marvel on 11/28/2005 09:56:11 PM EST

HAVA was supposed to be the answer (5.00 / 3)
In response to the Florida 2000 Presidential Election debacle that resulted in the Supreme Court's 5-4 decision to appoint George W. Bush President of the United States, President Bush signed the Help America Vote Act (HAVA) in October 2002.

This legislation authorized $3.8 billion in federal spending primarily for the purpose of replacing punch card and lever voting machines and making voting systems accessible to the disabled. HAVA also set requirements for voting systems to print out a paper ballot that can be verified by the voter and corrected if necessary. The Act seeks to ensure an accessible, honest, and reliable vote in 2004 and thereafter.

by Jesus on 11/28/2005 09:59:12 PM EST

[ Parent ]
No methodology for vote tallying (5.00 / 3)
The major issue is that the current model of DRE voting machines has no way to check that the vote was accurately tallied. Experts have already shown that it is possible to touch the screen to choose one candidate and have the other candidate get the vote. Not only will the voter never know this has occurred, the way the machines are checked now, your election officials would not know either.

by Bill Hare on 11/28/2005 10:05:27 PM EST

[ Parent ]
That's right. (5.00 / 3)
And to continue the tag team:

This makes a recount virtually impossible and renders these touch-screen voting machines unaccountable and unverifiable. The Association for Computing Machinery, the largest organization of computer scientists, has called for a paper trail to check the integrity of voting machines.

There have already been several examples of computer error in elections. In the 2002 elections, brand new computer voting systems used in Florida lost over 100,000 votes due to a software error. Severe errors and irregularities were also reported in New Jersey, Missouri, Georgia, Colorado, Minnesota, Illinois, New Hampshire, Alabama and Texas.

Coincidence? Fraud? Unfortunately, we will never know because the votes could not be recounted. Although the HAVA law does requires a voter-verifiable permanent paper record available for manual audit, this has been broadly interpreted to require only a printed total at the end of the vote.

by Bob Kendall on 11/28/2005 10:08:02 PM EST

[ Parent ]
So the question is... (5.00 / 2)
...why are so many states adopting this expensive and inaccurate system of voting? In order to begin to answer this question we must look at the main players involved: Diebold, ES&S and Sequoia--all private corporations, or course. While ensuring voter accuracy is a nonpartisan issue, it is not comforting to know that the owners of the three major electronic voting companies have intimate ties with the right wing, the Republican party and they operate without any real outside supervision.

by Jesus on 11/28/2005 10:09:14 PM EST

[ Parent ]
True but (4.75 / 4)
Like No Child Left Behind and the Clear Skies Initiative, the Help America Vote Act follows the Bush naming convention where a program's name turns out to be the antithesis to what it actually means. While seemingly admirable in its intentions, HAVA requirements are open to interpretation, and many Direct Recording Electronic (DRE) voting machine proponents have claimed that they can be met simply by allowing voters to verify screen versions of the ballot with a printed-paper report available for audit purposes.

by Bill Hare on 11/28/2005 10:01:06 PM EST

[ Parent ]
In addition, (4.50 / 4)
none of the HAVA Committees and Boards have been established which means that states are purchasing voting systems that cannot possibly be HAVA compliant, because the HAVA standards do not yet exist. Yet despite the warnings of the potential dangers of electronic voting, and the documented errors that have already occurred, many states are opting for DRE voting machines, (ie: touch-screen computerized voting machines).

by Bob Kendall on 11/28/2005 10:03:00 PM EST

[ Parent ]
"Receipts," Brian are not good enough (5.00 / 2)
The paper copy probably will not be counted, unless there's a legal challenge.  The types of receipts-on-a-roll that Diebold will provide in California are notoriously difficult to tally up.

In most precincts, the paper trail will be just a placebo display to reassure the voter, but it won't be reviewed again.

The best option is opti-scan paper ballots, which can be counted and recounted straightforwardly, by machine or again by hand.

by joan reports on 11/29/2005 09:28:36 AM EST

ATM = 100% accuracy (none / 1)
I think you hit it on the head.

The ATMs built by these same manufacturers have near 100% accuracy. Can you imagine if they were as cumbersome and sketchy as their voting machines?

Can you imagine the outrage. You better believe the outcry would origniate from far more sources than just the blogosphere.

Is this a legitimate comparison?

Political Cortex -- Brain Food for the Body Politic

by Tom Ball on 11/29/2005 10:05:06 AM EST

[ Parent ]
The clever and greedy are taking advantage (none / 1)
of those who are trusting, careless, inept, or ignorant.  

Not thinking through the problems with different voting systems must reflect a desire to avoid learning about the machines that do so much of our work. This comes from technophobia, or intellectual lazyness, an ethical or moral deficit, or the social rewards expected from not rocking the boat.

I suppose it has never been easy to educate the public--but now the blogosphere has a chance to do just that, and I thank you, Joan, for the time you took to make this report.

New Secular Order. Since 1776.

by Tecolote on 11/30/2005 08:18:11 PM EST

[ Parent ]
Voting-machines tested, report up on CALIF Secy of State website | 22 comments (22 topical, 0 editorial, 0 hidden)
 Display: