As Roxanne had accurately predicted, some of the players from the session she attended were not there. Dr. Brit Williams, Cliff Tatum, Michael Barnes and perhaps others I'm not thinking of were absent.
Cobb started out, as Denis mentioned, by setting out the "ground rules" (his words -- anything I put in quotes is a direct quote from my notes). The ground rules were that "we are in a NEUTRAL position regarding debates in the press and other areas," so no debates here. This is a "factual presentation," so "no debates."
The presentation included a short video, "Georgia Counts: Touch the Future of Voting," and two slide presentations -- one on the election process itself (what steps are taken prior to election day, the day of the election, etc.), and one on the various physical and other security mechanisms and procedures.
The video included a segment by Bob Urosevich of Diebold (formerly of Global Election Management Systems, and brother of Todd Urosevich who is head of ES&S -- the two brothers originally worked together and so their software had a common origin). Urosevich talked about the "security, accuracy, reliability, redundancy and many, many other steps" of the Diebold voting system.
Cobb told us it was supposed to be interactive, so questions were welcome. (That didn't last long.)
THE ELECTION PROCESS SLIDE PRESENTATION
I probably asked too many questions during the slide presentations but there were things I was genuinely curious about. The first was all about how the election process works, and that was most interesting. I'm eager to hook up with my county registrar (I think that's the only election official we have, have to check) and check out some of this info. I'll type some of my notes up separately rather than bore everyone here.
PCMCIA cards
You can program the cards with one of up to 8 different ballot styles. Some precincts will have different ballots required. The code entered by the election worker is for which ballot style to use for that voter, according to a code on the voter rolls. They insisted that there is no way that the cards can be coded to identify the voter (and how that person voted).
There were a few questions:
Q - My precinct had a stack of already encoded cards
A - Not supposed to happen. (Others in the group said that was true in their precinct too.)
Q - Are these cards unique? Commercially available?
A - Not unique, yes, commercially available but don't know from whom.
Q - Diebold memos mention that a tech considered the PCMCIA cards the weakest link.
A - (???)
Logic and Accuracy Tests
These are fairly extensive; the test is several pages long. The test measures mechanical aspects, calibration, operational checks, ballots. Must be announced 5 days in advance and open to the public.
Q - Are these test scripts published?
A - Known by the company but not publicly available
I believe I asked about the fact that the machines are in test mode and any programmer could program the machines to work flawlessly in test mode while operating differently during an actual election.
At the conclusion of L&A, all the machines are zeroed out and there is a code that sets the software for the election.
We asked about the Zero Reports and got a little obfuscation (IMO) on that point. These zero reports are germane because we asked to see those 22,000 zero reports in an Open Records Request and weren't able to for some reason. They are now saying that those stay in the counties.
There is not a unique password for each machine.
The machines are sealed with red plastic tape which is numbered, delivered to the precincts the night before.
ELECTION DAY
Three people are at the precinct: one breaks the seal, one observes, one records the seal number against the serial number.
They open the unit with the key, turn the power on. The poll Manager has the key. They are not unique to the machines.
Three people run the zero report again (to make sure no votes from the L&A test remain on the machine), then 3 people sign the zero report if everything's ready.
There are 3 written records of voters --
* Voter Certificate kept in stacks of 25
* Registration list
* Numbered list of voters as they come in
(These totals help to ensure that the machines can't be "ballot stuffed.")
There is no way to correct an already cast ballot, even one that was cast completely blank. There is a procedure for correcting a ballot before it's cast (Cancel). Rogers said that in Walker county there was an election on a tax issue. Some voters didn't realize that's all that was on the ballot, and so they ended up casting a lot of blank ballots because they didn't want to vote at all on this. She also told about one poll worker or election official who wants to be noted as someone who responsibly votes in EVERY election but doesn't necessarily cast any VOTES during all the elections.
Rogers said that undervotes dropped tremendously, "by 2 - 3%."
The numbers from the 3 different lists of voters are checked "casually" throughout the day against the total ballots cast on the machines. The Final Reconciliation takes place once the election is over when all the PCMCIA cards are taken to one machine in the precinct and "accumulated." The cards are read in one by one and added together. So you can determine an UNOFFICIAL vote count per precinct. These totals must be posted in every precinct. But, they stressed, these are unofficial vote tallies.
The machine hasn't been closed yet at this point. "The official record is the memory card, but if it's destroyed, it can be taken from 2 different places on the machine (inside the machine)."
She would not or could not tell me anything about where these votes are stored other than on the PCMCIA card.
There was a question about printing ballot images. We "can print an image of every ballot cast -- hook it up to a printer...can hook it up to any printer..." but when pressed, she was a little vague on what kinds of printers could be used for that. And, of course, there was no recognition of the fact that if the votes had been tampered with as they were being cast or afterwards, printing images of ballots after the election, when the voter is no longer around to verify (and they're not pegged to individual voters anyway) is not exactly helpful.
Something (not exactly sure what she was talking about here) re the votes or results or whatever, probably the votes, are stored on CDs. The "internal memory is stored in machines for 30 days."
The results are printed and signed by 3 people. The tape is torn off and stored with the memory card. Then the machine is sealed, this time with blue plastic tape.
The memory cards are returned, uploaded one by one into the county server. The server "will not let the precinct close unless every card is accounted for...will not report results unless the cards are returned."
I REALLY wanted to ask about those missing Fulton County cards, which she had told me in Decatur a few weeks ago weren't used for the results because they got the results off of the machines' inner memory. But, I didn't have a chance to do that. By this time, they had told us, "Let's get through the presentation, and then we'll take your questions."
SECURITY/INTEGRITY SLIDE PRESENTATION
"There are four principal organizations" protecting your vote -- Diebold, NASED's ITA's ("Georgia uses Wyle and Ciber"), KSU's Election Center and local election jurisdictions.
NASED'S ITA's
* Monitors the "final Build" of the System Code
* Looks for extraneous code
* Submits system along with the source code to KSU Center for Elections Systems
I really wanted to ask a LOT of details about KSU's involvement and how the code is stored in escrow (which Rogers told us it was in Decatur), but had no chance to do so.
KSU:
* Reviews for compliance with Georgia code
* Tests the system for unauthorized/fraudulent code
* Develops a validation program to use to test the system as installed in the local jurisdictions
* Verifies that the system ... (ah, my notes run out on this -- I think the gist of it was that they verify that what is uploaded locally is what they have in escrow, tho the word escrow wasn't used)
SOFTWARE SECURITY
* Audit Logs
* Passwords
PROCEDURAL SECURITY
* Access
* Qualification Testing -- by the ITA re FEC compliance
* Certification testing -- at KSU for compliance to GA Code
* Acceptance Testing -- this is done for "every change in software" -- they "go out physically to test that equipment...developed by KSU" (I really wanted to ask a LOT of questions about this but was unable to)
* L&A testing at county level
PHYSICAL SECURITY
* Servers are kept locked behind closed doors
* No extraneous software can be added (they made a big thing about how people in the various localities complain about this because here's this nice computer that could be used -- HOWEVER, curiously, that contradicts what they told me earlier when I asked about what this "server" looks like or is. They told me it was a Dell, but configured for this and made it sound like it was something other than a PC.)
Someone asked a question about modems... Their response was yes, there's a modem card (and I think they said or implied that it's only inserted when it's time to use it), and it comes "with a predefined (phone) number" on it. AND they also have the very same info faxed and modem'd in to make sure that the vote totals that are sent by the server are double-validated against the faxed results and no hanky-panky can take place during this transmission. Again, sounds wonderfully secure and I'll let the techies decide about that, but the problem still remains: if malicious code changed the votes during the election, these steps just offer wonderful security for spurious results.
SECURITY
1. * Verify that the system as delivered from ITA is free of extraneous or fraudulent code. (This is KSU's specially developed program for that or whatever.)
* Conduct HIGH-VOLUME tests to determine the capacity limits of the system
* Run tests to determine the system's ability to recover from various (my notes ran out again -- kinds of crashes, perhaps)
2. Verify system as installed is the same as what is used.
(I REALLY tried to pin down where the benchmark was, but wasn't able to.) They got this testing program from
http://www.dmares.com/maresware/validation_tools.htm if I wrote it down correctly. This is the 1 in 1 billion chance of tampering tool.
BTW, they run this on 159 servers, NOT on 22,000 machines. Also (you guys'll love this), it tests static files only, NOT dll's. They were very satisfied that since dynamic link libraries are, well, dynamic, they're not in need of testing for tampered-with code.
The servers run Windows2000, and the machines run WindowsCE. I was able to ask my question about WindowsCE being COTS or not, and even to explain that it's merely a shell so CANNOT be COTS and MUST, according to all the certification rules, be separately certified as well, but they claimed to know nothing whatsoever about that (I can still see Cobb shrugging his shoulders), so it was obviously totally unimportant to them.
Unfortunately, that was the end of my note-taking. Some of the math or logic or whatever for the Mares ware thingie was one of the last slides and I did have a question about that, but they shooed me away from it wanting to finish the presentation "and then we'll take all your questions," and I responded, as I had re a previous slide or two, "Well, please remember to put that slide back up there..." which, of course, never happened. Afterwards, when I asked about it, Cobb said, "Well, we can look at the handouts," and the guy sitting next to me, Hans from GA Tech said, well, actually, it would be useful to have it up, but that didn't happen either. In fact, after the presentation, Cobb not only turned OFF the slide program, pretty soon the whole computer was off and the screen blank.
Then, while they took questions, Cobb and Rogers paced around like they were really trying to hurry us up. It worked: I felt VERY rushed. Various people had questions, all through the presentation, not just at the end. What was funny was that about 1/2 way through the whole presentation, Rogers assumed we must've all been in this together because she was saying things like, "You people..." such as, toward the end, "You people have YOUR opinions and we have ours and we're not going to change yours and you're not going to change ours." (Yeah, she's entitled to her own opinions, but not her own facts.)
She also told us at one point near the end that basically they (in the SoS's office and the Center) had all made up their minds and if we wanted to pursue any of this further, we needed to contact our legislators.
Also near the end, when she was really trying to wind things down, I said to her, "Well, I was able to ask a few questions of you toward the end of your presentation in Decatur a few weeks ago, then called you on the phone to ask more questions and ask for an appointment with you, and you told me you had NO time for that, that asking questions are what these public forums are about. And now you're telling me that we can't ask our questions here either. I have 7 pages of questions. Are you telling me that my only other opportunity to ask questions is at the next public forum like this?" Cobb said, "Yes, but you'll have to sit through the presentation again." Rogers looked at the clock on the wall and said, "You've got until 4:30." At that moment it was about 4:20 (4:22 or so, from a quick glance at the clock).
There were a LOT of snide remarks made by Rogers during the Q&A portion especially. Even Cobb joined in at one point. I'm not remembering them all, but if any come back to me I'll certainly jot them down and preserve them for posterity.
OH! Someone asked a question during Q&A about the ties with Republicans and Wally O'Dell's statement recently, and Rogers didn't even let that question get completely asked (which was the rule for her rather than the exception). She responded to that quite animatedly: "There's only so low I'll go," (paraphrased:) and I'm NOT getting into discussions about (that -- I don't think she used the word partisanship). And the person asking this question was very nice and sweet, too. She got blasted, as if it were an inappropriate question to begin with. Perhaps that's what they were referring to early on when they said, "this is a factual presentation, not a debate."
They were also asked about the Hopkins and SAIC reports and shrugged those off as well.
Edited to add: I also got the impression during the last half of the 2nd slide presentation that they'd made some changes to their procedures (and slides!) since the first one. When we get a chance, Rox and I will compare notes on that.
Eloriel
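
The validation step described in the post (checking installed files against a reference set, with DLLs left out of the check), as an added example that is not part of the original post and is not the Maresware tool. The file names, contents and the use of SHA-256 are constructed assumptions; it shows that a comparison which skips `.dll` files reports a clean system even when a library differs from the reference build.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root, skip_suffixes=()):
    """Map relative path -> SHA-256 for each file under root, minus skipped suffixes."""
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() not in skip_suffixes:
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
            manifest[p.relative_to(root).as_posix()] = digest
    return manifest

def compare(reference, installed):
    """Report files whose hash changed, that are missing, or that are unexpected."""
    changed = sorted(f for f in reference
                     if f in installed and reference[f] != installed[f])
    missing = sorted(f for f in reference if f not in installed)
    extra = sorted(f for f in installed if f not in reference)
    return {"changed": changed, "missing": missing, "extra": extra}

def demo():
    # Constructed sample trees: a reference build and an installed copy.
    files = {"app.exe": b"main program",
             "tally.dll": b"counting library",
             "ballot.dat": b"ballot definitions"}
    with tempfile.TemporaryDirectory() as tmp:
        ref, inst = Path(tmp, "reference"), Path(tmp, "installed")
        for d in (ref, inst):
            d.mkdir()
            for name, data in files.items():
                (d / name).write_bytes(data)
        # The installed copy differs in one DLL and carries one added DLL.
        (inst / "tally.dll").write_bytes(b"counting library (modified)")
        (inst / "helper.dll").write_bytes(b"not in the reference build")
        skip = (".dll",)
        partial = compare(build_manifest(ref, skip), build_manifest(inst, skip))
        full = compare(build_manifest(ref), build_manifest(inst))
        return partial, full

if __name__ == "__main__":
    partial, full = demo()
    print("DLLs skipped:", partial)
    print("all files:   ", full)
```

The same comparison is only as trustworthy as the reference manifest, which has to be produced and stored independently of the machines being checked.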