Monday Exclusive: Another Voting Machine Co. Whistleblower Steps

Forward. http://bradblog.com/archives/00002538.htm

Texas:

Secretary of State
P.O. Box 12887
Austin, Texas 78711-2887
elections@sos.state.tx.us

Re: Complaint on conduct of election of March 9, 2004, held in Tarrant County, and the associated activities of that office in it’s preparation for that election, including inappropriate, unethical, and possibly illegal activities committed by the Office of the Tarrant County Elections Administrator (Robert Parten), and the two election vendors which service Tarrant County, ES&S and Hart Intercivic.

Mr. Connor

I am a former technical specialist for Hart Intercivic, an election service vendor with whom you are familiar. Several months ago I left that position in response to some ethical concerns I had, and accepted a job as the election programmer for Tarrant County. While preparing for the March Primary, shortly after finalizing the election databases, I had to quit that position suddenly, in large part as I was unwilling to participate in the upcoming election. I was unable to continue working for Robert Parten, the election administrator for Tarrant County, both because of his shockingly inappropriate management decisions, but more significantly because of a pattern of unethical decisions and erratic behavior from him I witnessed while I was there. This included his blatant disregard for election law, poor understanding of and interference with important technical aspects of the election systems, and endangering the health and lives of his employees by encouraging and requiring extremely long hours, even when those hours were not productive and only served to provide additional financial compensation for the staff. I could not, in good conscience, participate in the election that he was administering, nor continue to observe or participate in that office. In addition to the information I am obliged to report on the Tarrant Elections Office as it impacted that election, I also feel that it is my responsibility to note several issues that arose in the course of that employment as the office dealt with the two election vendors for Tarrant County, ES&S and Hart Intercivic.

I deeply regret having to write this letter. I have waited for months to give the various parties involved a chance to make changes which would indicate a real desire to alter the unpleasant courses they respectively have embarked upon. I have not seen any compelling effort at positive change, nor any public admission of error or wrongdoing; no hiring of ethics officers or testing staff, and with respect to the vendors only no evidence of real dedication to doing any more than meeting the surface requirements necessary for them to win contracts, rather than being certain of executing them competently. I am convinced that the weight of the evidence indicates not merely an effort to conceal certain issues from scrutiny for the purpose of maintaining public trust, but rather independently deliberate campaigns to conceal real problems in the respective offices and companies. The weight of the evidence and volume of issues that need to be addressed now suggests to me that only concerted governmental and regulatory intervention can restore the public confidence in the voting process in Tarrant County. The election vendors have been allowed far too much leeway and given far too little scrutiny by people competent to examine their technology, processes, AND procedures in providing for elections and in their business dealings with the County. Not everything I will describe will be obviously within the purview of the Secretary of State’s Office at this time, however, as they reflect on public trust and may require additional legislature or scrutiny from your office, to the extent that I can I will note those issues here and only as briefly as seems necessary for you to consider. In my experience those issues of competence and public trust are common in many counties in Texas, primarily because they exist outside the domain of any agency funded, technically competent, or willing to investigate them. I hope your office can change that.

Issues of specific failures with the primary election and possible election law violations

- The audit trail for Hart’s election generation software (BOSS) had invalid entries. Hart was aware of this and declined to fix it, and Robert also declined to fix it. I informed him that I had developed a simple, reliable, and effective method to remove the invalid entries (while at Hart), but he still refused to fix the information in the audit database. This information is some older data caused by an incorrect build of the software from Hart's programming team. It would not impact the election, but I strongly believed that a "corrupt" audit trail would significantly impact public confidence in the election software. There was a simply and fast fix available, and because it was data, it did not fall under restrictions for software changes prior to an election. Still, I was not permitted to fix the issue. These false audit entries are currently part of the official election record for several Tarrant elections, although they have gone unnoticed by the Office of the Secretary of State thus far. Clearly failing to review electronic audit entries defeats the purpose of having them.

- The public test was fake. We ran a public test but discovered a series of problems with the election we were setting up, and in the course of resolving those issues had substantially different election databases to be used in the actual election. I had inquired about rerunning the public test, but was told it was unnecessary, troublesome, and pointless. Nonetheless, I ran my own independent tests twice to try and be sure the election would be a success (although additional changes were made just before I quit, and I don't knowthat those databases were fully tested. The staff there is generally competent and dedicated, so I have every reason to believe that such testing occurred, but I know that no public test was ever redone, as seems to be required by law.) There was also no record of adjustments made for each new iteration of the election databases, which after further reading, I also believe to be required. I should also note here that the public observers who did show up were totally unqualified to inspect the election processes, technology, databases, or even the results. I believe that official trained observers should be present, conduct a thorough analysis and document that analysis, if the public test is to be seen as anything other than a joke.

- After the public tests I was doing some reading on Texas law regarding how such tests are supposed to be conducted, because we frequently seemed to follow "Robert's" rules of convenience rather than those from the SOS office or state law. It appears as though positions were not filled according to the law and missing from the public tests. Specifically, the law seems to require a counting station manager (present), tabulation supervisor (none appointed or present), programmer (present), judge (present for part of the test), and party observers (who were present for only part of the test).

- Robert Parten repeatedly told those members of the public who asked that their votes were secret, however, the Optech 3c Eagle machines forced the operator or voter to use a special procedure to override the machine to accept a blank ballot, and the machine printed this on its log. (So every blank ballot was not, in fact, secret, not for anyone in the polling place at the time someone submitted their ballots or shortly thereafter)

Issues of contractual or legal violations with the vendors and their relationship with the county

- Hart sold a device to Tarrant County called an M2B3, claiming that it was both faster than the previous card readers Hart had sold, and would prevent corruption problems with the cards that held votes. However, internal testing revealed that the M2B3 was not faster, nor did it entirely resolve the data corruption issues, though the county was never told nor given any sort of refund, either for the M2B3 or the card readers they were initially charged for. Despite the data corruption issues, no refund was offered for the cards either, though Tarrant had purchased a large number of them at considerable expense.

- The Hart technician that arrived onsite in Tarrant County admitted to being untrained, the company declined my offer to help, and instead allowed their untrained technician to make changes to Tarrant's election computers. The work was done improperly and had to be fixed twice, and was only finally completed because I intervened and corrected several problems so that the county could continue preparing for the next election. I believe that selling a support contract implies that the support staff will be trained and competent.

- Hart admitted to Tarrant County that votes are sometimes lost when using the disabled voting units, but only after such problems had developed, and never informed them that the claims of an ability to rebuild vote records was not consistently available, and would always require shipping the voting devices to Colorado. However, this was not a requirement because of the altitude, rather the programming team refused to reveal the process for vote recovery.

- Hart refused to provide utilities consistently to customers, including Tarrant County, although some utilities were provided and not updated (even when known problems existed with these utilities). Other jurisdictions were given special utilities to maintain, test, and manipulate the voting equipment and software. Tarrant's contract suggests that important utilities should have been provided, and certainly maintained, by Hart. ES&S also ignored a request of mine to update our election utilities or provide current manuals for the software.

- ES&S was pressuring Tarrant County into using unapproved software for election day, and told the staff there that they were also pressuring other jurisdictions to do the same thing. The company wanted to obtain approval, but didn't expect to obtain it until election day, and apparently hoped that getting more counties to pressure the SOS for approval was an appropriate business practice. Tom Eschberger, a vice-president for ES&S, was the person who actually came onsite and tried to apply this pressure, and also asked what kind of deal they could offer to get Tarrant County to stop using Hart Intercivic's products. One of the technicians for ES&S, when onsite trying to perform some last minute repairs on an election system that they admitted had many and serious problems, told us about a jurisdiction using an ES&S software update that didn't intend to ask the SOS office for permission. I was surprised that this went unremarked by the Tarrant staff, and seemed like a matter of fact business practice by everyone who heard it.

Issues of competence and public trust

- There was a computer used to combine results from two separate vendor systems which did not have a password. I attempted to add one, but was ordered by Robert not to, on the grounds that it was a "change". He didn't object to far more substantial changes to other election computers, including those tabulating actual results; it was simply another instance of the bizarre, irrational, and inconsistent behavior I witnessed. This computer was the final reporting machine which would be used to generate reports for, among others, the SOS office, the press, and the parties, so the lack of a password was a real concern. There was no consistent password policy in use for the election computers.

- In my work area, where there were several computers used to program the elections, there was no physical security of any kind. I didn't have a closed office much less a lockable door, and the area was busy and accessible to the public and a large number of employees, including temporary employees. Additionally, the computers used for reporting and receiving results were in two separate buildings, neither ofwhich were my office, and both also had poor or nonexistent physical security.

- Election results, disks, MBB cards with votes, cd backups, documentation, and manuals were frequently left in these multiple offices without physical security, electronic security, or passwords.

- Anti-tamper devices provided for some of the computers were used improperly or not at all.

- The Tarrant County Information Technology department sometimes worked on the election computers; they installed incompatible anti-virus software on election machines, they performed other improper work and refused to cooperate with me so that I could properly manage change on the county election computers, and they refused to fix hardware when asked (although it was their responsibility). Although the intemal relationship with that department showed signs of being completely unmanaged and inconsistent to the point where it appeared as though they couldn't accomplish anything, they nonetheless did manage to install remote control software on one of my computers, over my strenuous complaints, as that machine stored information pertinent to the elections.

- The election computers had no BIOS or operating system updates applied, either by the Tarrant IT staff, or Hart, or ES&S. While at Hart I had complained about this improper maintenance but was unable to see the issues resolved due to internal issues and conflicts.

- Hart did not release bug lists to Tarrant County for their software, and ES&S did so only intermittently and did not respond when I asked for updates; even when asking for specific details on issues described by their technicians while onsite.

- Tarrant County had no organized backups nor any procedure for doing so, nor any regular or safe way to maintain such backups.

- During several Tarrant County elections Hart performed on the fly report fixes during elections, even while results were coming in. I believe this was legal, but the changes should have been documented, and my request for that information was ignored.

- Perhaps most troubling was the Robert's attitude, also communicated to the staff there, regarding consulting with the Secretary of State. Being new to the job I had a number of questions I wanted to ask the SOS office regarding procedures, but I was explicitly told not to do so, for fear that the SOS would issue rules or regulations which we would then be bound by. The staff, following Robert's lead, was very dismissive of the SOS office and resistant to their demands or advice. I believe a more constructive relationship is possible, necessary, and appropriate.

What I witnessed at Tarrant County, what I was subjected to, what I was expected to do in order to "pull off" an election, was far beyond the kind of practices that I believe should be standard and accepted in the election industry and I was baffled by Robert Parten's continued work with these election companies; even after admissions of concealing software problems, inappropriate pressure, hints of backroom deals, and poor support. I had accepted the position because of the reputation of the Tarrant office, and because I knew the staff was competent and very dedicated; but Robert's current apparent confusion and almost complete lack of management created so many problems I couldn't stand by and participate further. Even for the brief time I was there, I felt tainted by my association with the problems that went unfixed and unremarked upon, and ashamed of my participation to the extent that in retrospect I only contributed to a situation that most needed an overhaul, not another save. With respect to my employment at the vendor and county, during that employment, I never knowingly violated any state or federal law, though I certainly participated in a number of activities which made me uncomfortable in order to see an election through successfully. As you, and other election officials must be aware, running a complex election is never as simple or easy as the law allows or we would like to believe. And I have recognized these realities in my consideration of the behavior and choices of others, and tried to judge them only on the more severe issues of which I am allowed, under confidentiality agreements, to speak of; as the acts and behavior noted herein seem to violate laws, contracts, or reasonable and ethical behavior to a degree that would meet legal standards in our society.

Sincerely,
(name redacted)

Date: 7/29/2004
J. Kenneth Blackwell
Ohio Secretary of State
180 E. Broad St. 16th Floor
Columbus, OH 43215

election@sos.state.oh.us

Mr. Blackwell,

I am a former employee of Hart lntercivic, an electronic voting vendor currently being awarded contracts in Ohio. I have information which I believe you need to have regarding the vetting process your office underwent for such companies. I have waited for several months after leaving Hart; I felt that I owed it to my coworkers, former manager, and other good people who are still there to give them the chance to meet the obligations of the law and ethics. I have been fervently hoping that Hart would decide to step forward and do the right thing; to break the industries habit of silence and concealment, and admit to wrongdoing and apologize for their mistakes. These companies have a long history of concealing problems and have become willing to exercise their silence whenever they thought they could get away with it. In some cases during my years at Hart, believing only at the time that I was supporting my customer (and ultimately the public interest by promoting public confidence), I have participated in withholding information that might have raised concerns about our competence, our customers approach to the rollout or use of their electronic voting machines. Had this been a handful of rare incidents, where the repercussions were indeed minor, I could have continued to believe that Hart as a company was doing the right thing. I eventually left Hart Intercivic because it became clear to me that the company's silence had little to do with "rare" incidents but instead revealed a number of potentially serious problems which appeared to be systematically hidden or ignored largely for the sake of corporate profits. While at Hart I had evidence of what I believed to be criminal fraud, extreme negligence, and a distinct and troubling pattem of failure to uphold the public trust both in violations of the spirit of its contracts, but also in concealing problems in an industry which so crucially represents the public interest. I now believe, given Hart Intercivic's unwillingness to address these issues, that I have a legal and ethical obligation to the citizens of Ohio to describe those specific issues that are problematic in the evaluation of Hart. I hope this eventually assists your off ce in your representation of the best interests of the state in its pursuit of an electronic voting solution. As your office has surmised the greatest danger to the voting process is the currently haphazard approach of individual county off ces, who despite heroic dedication often lack the funds, focus on efficiency, or consistent tools they need to insure reliable and cost effective elections. I think we share the belief that electronic voting has the potential to be a great solution and ultimately best serve the voters, and I wish you well in your future efforts to promote it.

There are three categories of concems I will address. The first is what I believe to be fraudulent acts by Hart Intercivic. The second is false claims made by the company, and finally some technical notes regarding the reports submitted to your office by Compuware. Because of the confidentiality agreements I have signed with the company, and because I don't believe it's in anyone's best interest, I will only reveal those fraudulent claims or activities by Hart that I believe rise to the level of legal/contractual violations.

Fraudulent Acts:

- The computer submitted to the examiners in Ohio for security testing was setup specifically for this test. The reports claim that Hart was submitting the standard configuration that Ohio counties would use. Since I was the person who actually designed and setup the current configurations I was the only one who could have setup such a computer for the review. Not only was I not permitted to do so, I did not even discover Hart had shipped a computer to the state until after the review had started. The configuration documents, which at the time only I had access to, were never requested by our programming office, who setup a special installation evidently targeted at passing the security review with minimal issues. Our standard configuration would have flagged a number of additional problems, issues which we were unable to resolve due to internal issues. I raised this fraud issue with the management team after the fact but before the Compuware and Infosentry reports were finalized, but Hart management evidently decided against revealing the fraud and resubmitting another computer with our real software configuration for testing.

- The reports state that the modem port on the JBC (part of the voting equipment) was disabled for the software version tested in Ohio. This is untrue. The software version submitted did not have a disabled modem, so if an investigation found that, then the software version submitted for testing must have been a special version modified for the review.

Fraudulent Claims:

- The vote storage on Hart's JBC/eSlate voting equipment is not random, and under the right circumstances, while unusual, it is possible to identify how someone voted. I reported this to the management team immediately after identifying the problem, because the sales force repeatedly made this claim, and simple efforts to try and make the storage and retrieval more random and secure were never made.

- The reports claim that a disaster plan and security audits were done for and with the technical support group, and available to us. I am not aware of any such happening nor the technical support team being made aware of it. Since I was the only member of the technical support team during a substantial portion of time frame covered by the report generation and post release, I suspect I would have been shown, and perhaps even participated in, such audits and plans.

- Infosentry says Hart has an ongoing information security awareness program and has provided an online security awareness course to all employees. This is not true.

- Infosentry says Hart maintains numerous information systems (IS) security policy and procedure documents, which to my knowledge must be hidden in a steel vault inside a crack in the Antarctic ice sheets, because I've never seen them nor heard of them, nor was able to obtain them when requested, outside of a basic employee manual, which presumably isn't what the Infosentry report was referring to.

- Regarding the Infosentry claims of the existence of security plans for IS support, these could not have been done without consulting with me, nor the software configuration management plan, nor the security policies and procedures, since my department kept such information separate from that of the corporate IT group. Indeed, to the extent that any such documents existed at all, they were either written or revised by me, and I had the latest copies, which the management team never requested for submission to the state of Ohio, or any other reviewers.

- Hart sales staff has claimed to the Ohio SOS office that results are not transmitted over public networks. This is untrue, and indeed, absurd. Unofficial results are transmitted through public phone lines, and even mediocre "hackers" can access such networks via the internet.

Technical Notes regarding the Compuware and Infosentry reports:

Although these reports were reasonably thorough from the standpoint of attacking an election I felt they lacked creativity, displayed some technical flaws, and didn't reflect a solid understanding of how elections are run, both in their overall approach and in the report priorities. I don't believe that Ohio citizens should carry away a sense of security from these reviews, as an attempted disruption of an election would likely display more effort and consideration than the reviews themselves exercised.

- Compuware says safeguards are in place to prevent the Hart system from crashing. While not a programmer for these products, I am not aware of any such safeguards, but am aware of a number of system crashes and preventable causes for them which were infrequently and inconsistently revealed to customers.

- Compuware claims error handling code returns clear error messages to users. I am unclear on which users they are referring to, and the reviewers and I will have to substantially disagree on the meaning of the phrase "clear error messages" being retumed from Hart's products in general.

- Compuware was unable to modify the MBB vote storage cards trying to use the Windows file system. The report suggests that this cannot be done, and it cannot, but this gives the impression that such information is highly secure only because the Windows
cannot be used. Publicly available tools can be used to make such changes while working in Windows, and I don't believe the report should be communicating a false sense of security in this regard.

- The Compuware report says that JBC port disruption is not possible due to operating system limitations. This is only because the testing done was very limited in scope, not because the port cannot be disrupted.

- Compuware says that error and audit entries are tracked. This is a bit misleading, as only some entries are tracked, not every possible such entry.


Sincerely,
(name redacted)

Just do an open records request to Ken Blackwell. The actual letter is on file and must be produced.