http://www.scoop.co.nz/mason/stories/HL0307/S00224.htm

Bev Harris: Diebold Rebuttals Don't Stand

.... SNIP ....

Earlier Related Stories
Synopsis of previous story
Diebold denials
Diebold denials, debunked
Quick Backgrounder about "source code"

.... SNIP ....

1. SYNOPSIS OF THE STORY SO FAR

Diebold voting machines are used in 37 states. Four computer scientists published a 24-page paper last week, announcing stunning flaws that appear to make vote-tampering easy.

DIEBOLD REBUTTAL: "We believe that the software code they evaluated, while sharing similarities to the current code, is outdated and never was used in an actual election." "…the study did not use our current software code." http://www.dieboldes.com.

YES, the code examined by the scientists was used in actual elections. Evidence is provided below, along with questions you can ask Diebold to clarify their statement.

<b> QUICK RECAP: </b> The first-ever public examination of voting machine software, obtained when Diebold left it in the open on an obscure but public web site, revealed stunning flaws. "Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts." -- Researchers from Johns Hopkins and Rice Universities, (already tagged as the "Hopkins Heroes") in paper just released: "Analysis of an Electronic Voting System":

http://avirubin.com/vote.pdf

Remote access has been left unprotected, encryption keys made available to hackers, you can vote more than once. There's more:

http://www.blackboxvoting.org/access-diebold.htm

-- You can overwrite votes. The system is vulnerable to both inside and outside attacks. Intruders can change audit logs. You can assign passwords to all your friends. (A list of links to news articles from last week is available at:

http://www.scoop.co.nz/mason/stories/HL0307/S00219.htm

HOW TO STAY AWAY FROM TECHNOBABBLE: For general audiences, this is a story that might evolve into intimidating bafflegarb, but it doesn't have to, and here's why: Not everyone understands discussions about computer languages, but everyone knows what a cover up is. First, decide whether Diebold gives honest and complete answers.

.... SNIP ....

For MUCH MUCH MUCH MUCH MORE SEE...
http://www.scoop.co.nz/mason/stories/HL0307/S00224.htm

Bev and others are on top of EVERY reaction: ... providing HARD refutation of every lie posited by these Fraudmeisters ! .....

Al of Scoop ? ...

Bev ? ..

WE LOVE YOU ! ! ! !

Dances off in a state of near bliss .....

(up at 3 a.m. making sure it got to editors before 7, so they'd have questions in line for Diebold stories today)

This story should have been credited with DU participation in some manner, because you guys really helped tremendously.

http://www.scoop.co.nz/mason/stories/HL0307/S00224.htm

It is designed to get rid of some of the technobabble tennis match that might arise if we let Diebold PR get control of the story.

Bev Harris

Their arguments against the "Hopkins Heros" are SO weak ...

Your refutations are overwhelmingly damning .... due primarily to the weakness of their arguments .....

We JUST need this to stay on the wheels and keep rolling up the Hill .....

Higher and Faster ! ......

possible lawsuit on diebold re: plagiarism of open-source code on diebolds proprietary system?

<snip>
"Remove mmio.c from repoditory since the code has been moved to the DLL. Reimplemented MMIO functions, as MS is too effing lazy to provide them under CE. Most of this is cribbed from the Wine Project."
</snip>

WINE being the open-source "windows emulator".

could this be a legal opening to force them to open-source their code?

A lot to take in.
:hi:

I am still worried that the media will emphasize the Diebold rebuttal and not give your refutations of this rebuttal. Has this happened already and I missed it? Once again, what a heroic effort by you and all involved. I know what this must have cost everybody in time, resources and mental anguish. It isn't easy to buck city hall!

So, thanks to you, Bev, DemActivist, and all DUers who worked with you, SCOOP NZ (Althcat?) and the great HOPKINS HEROES. The outstanding work done by all of you could make a huge difference and here's hoping and praying it does.

:bounce:

:kick:

Here is the URL for the proposal for a Truth Alliance on Scoop...

http://www.scoop.co.nz/mason/stories/HL0307/S00225.htm

In order to promote this campaign the best way to help will be to send this URL to your favourite online news websources...

Hey BBV crew... I think we need to be posting to these threads... they are getting swamped!!!!

Everytime I see a thread about this subject, it makes me want to buy the book even more!

Keep the pressure up 24/7!!!!!

I'll call my Gov here in my home state!!!!

...wondering if I can get a printer-friendly version on Scoop or Blackboxvoting?

I send this out to local media (with proper credits and reference to sites, of course!) and something clean without the need to go to a site gets their attention much faster.

If you get their attention, they will go to the site.

It would also help in putting together a nice packet, like the Hopkins study and others, kind of a portfolio on the story. This is also good to send to your election officials and legislators.

Speaking of legislators, keep your local state legislators in the loop on this. They need to know what's going on, what the public wants, and the momentum building behind it. These are the ones who will have to pass legislation to change state laws and in many cases, over the objection of people like Secretaries of State, who seem to hold great power.

You can contact them when they are out of session, too. I think this is better, because they will have more time to address the subject. What we learned this last legislative session is that due to the tremendous volume of legislation they deal with in a relatively short amount of time, they can't get in depth on every topic. Many will just follow the lead of someone they consider more of an expert in a particular area.

And you don't have to be from their legislative district to have an impact. Election law is a statewide- and national concern.

Just watch for your service provider's rules on what they consider spam. Sometimes it gets triggered just by volume.....

:eyes: :eyes: O8)

What's this doing on page 2?

Upsa Daisy!

Election officials sidestep study about voting fraud
http://www.pressherald.com/news/state/030729election.shtml

"Computer security experts warned in a study released before the weekend meeting of more than 35 secretaries of state that there are "significant security flaws" with the system designed by Diebold Election Systems. The company defended its system and said the survey by researchers at Johns Hopkins University was flawed. (please see Debunking of Diebold Denials, http://www.scoop.co.nz/mason/stories/HL0307/S00224.htm#3)

"...it was tabled until the winter meeting in February. Minnesota Secretary of State Mary Kiffmeyer, the group's new president, said the overall election system has safeguards against fraud but she said she's confident election administrators will learn from any mistakes.

The voting software is just one piece of the overall system, and the software itself continues to improve, she said."

Please see Debunks of this specific point

==========================

Can anyone get me a contact list, including e-mails, for the 50 secretaries of state? Better yet, can you enter the info you find directly into the "BBV Contacts" section at http://www.blackboxvoting.org ?

Please come back to this thread and post which secretaries of state you added contacts for. The League of Women Voters is reportedly "rethinking their position" (though they'll probably use Diebolds idiotic rebuttals to stand firm). But we have been having an impact.

Now it's time to have an impact on the secretaries of state, which, through NASS (National Association of Secretaries of State) takes large payoffs from the voting machine vendors. If I had to target a single position that needed to become corrupt in order to get unsafe and unauditable voting machines into each state, that's where I'd start.

Bev

Go to the activism forum. Most of the info you need is there.

Cheers.

and Paranoid Pat has the whole 50 states on a list in Activism.

The evidence, as much as I don't want to go there, is that there seems to be a well-orchestrated RW attempt to takeover the vote counting apparatus of this country - and it didn't just start in 2000. How else to explain:

1.) The shockingly shallow vote-machine certification process

2.) The extreme resistance to a voter-verified paper trail

3.) The market share of the two to three largest vendors - and their ownership/management (esp. Chuck Hagel)

4.) The inexplicable positions of the national leadership of the League of Women Voters.

and on and on. What concerns me now is: how far down the rabbit hole are we already? How many of our national leaders owe their position to these companies? And if there were legislation that prevents us from getting the documentation that would answer these questions, when was the legislation put into place and is there any pattern there?

Next Monday I'll get to talk with the Center for Constitutional Rights people. I'm thinking of getting them to research the availability of voting records question. Meanwhile, I'll find what I can online.

It would definitely be worthwhile IMO to expand upon the "on and ons" you mention.

In fact, I'm still steamed by the runaround various of us got in Georgia as we tried to address some of these issue earlier this year and were met with the most concerted stonewalling you can imagine. Some of it is pretty shocking. I absolutely DO want to see that in print (and, as I've said, Cathy Cox in prison stripes or that ultra-alluring prison orange would do).

Eloriel

I'm also curious as to why Democratic leaders aren't at least stepping up to the plate and endorsing Rush Holt's bill.

Is saying BUMP instead of KICK a no no in DU?

:evilgrin:

....takes it to the top works for me! :evilgrin:

titled "Voting and Technology: Who Gets to Count Your Vote?" This magazine is the monthly publication of the Association for Computing Machinery. To quote the last paragraph, " In 1871 William Marcy ("Boss") Tweed said: 'As long as I get to count the votes, what are you going to do about it?' Paperless DRE machines ensure that only the company that built them gets to count the votes, and that no one else can ever recount them."

nt

OK, now I'm not so confused. I knew NASED was having a meeting, as it turns out, same place, same time:


NATIONAL ASSOCIATION OF STATE ELECTION DIRECTORS Welcome to the NASED Webpage

NASED Summer Meeting
July 25-27, 2003
Holiday Inn By the Bay,
88 Spring Street, Portland, Maine


Maine's SOS also addressed this group.

Go to NASED.org and you can find participants in the NASED meeting, including some of our, um, faves....

Talk about having all the electoral power in one place at one time.

As I posted elsewhere, they seem bent on putting off doing anything until Diebold, ES&S, and Sequoia have sold their systems.

I cannot even begin to convey the contempt I am building for these two organizations. Both should have hit the road running, pulled these machines out of use, and began a series of hard-hitting investigations. They're supposed to look after the electoral process, aren't they? There are differences in the kind of tending you do.....



:puke:

We have League members working their best on this issue! This explanation also does not need remote access.


To: LWVTopics
Date: Tue, 29 Jul 2003 02:29:32 -0700
Subject: Re: DRE paper trails

All, I wasn't going to continue with more comments, but I seem to think that realistic situations are not being considered in this discussion.

First, though I do not have a degree in computer science, I have
taken numerous courses and have spent my professional life
programming and testing computers do to a number of complicated
tasks from making one computer to talk to another a precursor to the internet), to commanding satellites, to developing sophisticated codes to simulate the circulation patterns of the ocean.

I know what it takes to test software and know that programming
errors occur.

One has to separate the issues.
1) Reliability of the software to correctly count.
2) Corruption of code by individuals.


Issue 2) Code Corruption: here I assume that the computer voting
machines are not connected to a network. Say there are
7 vendors of such machines nationwide. And let's say
that 1 vendor has 1 (or several) corrupt programmer.
This programmer modifies the code so that it will change
Republican votes to Democratic (since the programmer
doesn't know where a machine will end up, can't really
modify votes of individual names). Also, the programmer
may or maynot know what area the machine will end up in,
so changing Rep. votes to Dem. votes may not matter. This
type of corruption can be checked for with good certification
testing and procedures.

Actually, a good programmer would devise such a logic bomb to evade the testing procedures. Here's how I (with over 35 years of programming experience) would do it, if I were a dishonest (or fanatically zealous)programmer at one of the DRE vendors:

- I only care about rigging the elections for President, Governor, US
Senate, and Congress, so those will be the only ones I affect. (Maybe
I'll include the state legislature as well, but the names of those
offices vary so much from state to state -- Assembly, House of
Delegates, State House -- that incorporating the information for all 50 states might be too much trouble to go to.)

- Since I don't know who will be running in any given race, I will go
by party affiliation.

- Since I don't want it to be obvious, I will take, say, on average ten percent of the votes for party X and give it to party Y. I will
display to the voter what they selected, but I will record it
internally the way I want. This will only affect close races (55/45
and closer), but then that's the point. To give an election to one
party in a district that's safe for the other would arouse suspicion.
Shifting 10% of the votes should be sufficient. (I can also take more
votes from the minor parties -- they won't notice.)

- Since I have to show the source code to the testing authorities, I
will create my "logic bomb" using the techniques described by Unix
co-inventor Ken Thompson in his 1984 ACM Turing Award lecture so that
it doesn't show up in the source code. (See
http://www.acm.org/classics/sep95 for the description.)

- Since I need to be honest when the elections officials and testing
authorities run the logic and accuracy tests, I won't actually alter
the ballots as they are cast, but wait until the machine is "closed".
If the machine is being closed at a reasonable closing time (say,
between 8pm and 8:30pm), and it was opened at a reasonable opening time (say, between 6am and 7:30am), and it's the first Tuesday after the first Monday in November in an even year, then I will go back over all the stored ballots and rewrite ten percent of the votes given to the "wrong" party. If it's not election day, or it's outside normal election times, or the machine is being opened way late or closed way early, I'll assume that this isn't a real election and I won't change any votes.

- I will use a random-number generator, seeded by the machine-readable
serial number, to decide which of, and what percentage of, the "wrong"
ballots to change. The reason for this will become clear further on.

- Since the testing people may try to fool me by changing the date and
time, I'll fool them instead. The real-time-clock (RTC) chip is set at the factory using a manufacturing interface, not through the screen.

The testing authorities and the elections officials don't have access
to the manufacturing interface, so they have to use the screen when
they want to change the date or time. So when that interface is used,
instead of changing what's in the RTC, I'll just store the difference
in a memory location, and take that into consideration when displaying
the time. For example, if it's noon on Monday, November 1st, 2004, and they set the date to 8am Tuesday, November 2nd, I'll put "20 hours" into the offset location, and add it to the RTC value whenever I need to display it. My logic bomb will only trigger if the RTC says it's really election day and the offset value is zero (or close to zero; maybe I'll let them change the time by a few minutes.)

- Just to make sure, before I alter any votes, I'll make sure they
haven't been cast in the typical logic-and-accuracy pattern of one vote for each of the first selections, two votes for each of the second selections, and so on. I'll also check for the "typical" voting pattern of a few voters in the morning, a lunch-time surge, scattered voting in the afternoon, and an evening rush.

- About the only way they can detect that I've rigged the machine is by setting aside some machines on election day and casting ballots on them throughout the day using a pre-arranged script. The script will have to include when to cast each ballot as well as how, since it has to mimic an actual polling place. If they find a discrepency, they'll
have to decide if it's the machine, or if they made a mistake in following the script. If they test multiple machines with the
identical script, my use of a random-number generator will result in
different machines behaving different ways, further confusing the
testers. And if they do decide it is the machine, what are they going
to do? The polls are closed! Are they going to order a new election?

Not likely! They'll probably order more tests, and on additional
machines, and since the election will be over when they conduct these
tests all the machines will work perfectly.




So, ______, and everyone else who doesn't see the necessity for a
voter-verified audit trail: You're the election official. Assuming
you've gone to the trouble of conducting this so-called parallel
monitoring, what are you going to do? (I doubt most election officials would go to the trouble of parallel monitoring anyway.)


--Steve Chessin
LWV

Thanks, that might explain a few things! :evilgrin: