Diebold defrauded the Federal certification process.

Diebold defrauded the Federal certification process.
By Michael Shelby
mshelbyinaz@cox.net

The Diebold Company obtained its Federal certifications for their touchscreen voting machines by committing fraud, including withholding information and submitting false documentation. An investigation that spans three years by election integrity activist Jim March, formerly of Black Box Voting, renders the electronic voting machines of the Diebold Company “legally valueless.” If I were Diebold I would be afraid . . . very afraid!

A statement released Thursday, August 3, 2006, by Dr. Richard. R. Lee, PhD describes how the Windows CE operating system used by the Diebold machines is not Commercial Off The Shelf (COTS) software as Diebold has submitted in its request for National Association of State Elections Directors (NASED) certification. NASED certification is required in 37 states and plays a significant role in most of the others. Federal Elections Commission (FEC) 2002 rules state, “. . . devices and software are exempted from certain portions of the qualification testing process so long as such products are not modified in any manner for use in the voting system.” Dr. Lee recognized by Microsoft as an Embedded MVP for his work with Windows CE, states that, “It is not possible to build a functioning release of Windows CE for any platform strictly from the executable components provided by Microsoft. There are always program elements which must be developed for that specific platform . . . typically done by the Original Equipment Manufacturer (OEM) or by their agent ; not by Microsoft.”(emphasis mine)

Windows CE is effectively a “kit” that “requires significant customization to work on a voting machine, such as a Diebold touch-screen,” as Senator Debra Bowen of California and candidate for Secretary of State, pointed out March 27, 2006 during the California Certification Hearing. She went on to rebut Wyle Labs Joe Hazeltine, “It’s not ‘Commercial Off The Shelf Software.’ It won’t work without being customized. Diebold has the source code for Windows CE and can modify core features and yet here they are basically writing saying “We don’t want to be looking at the Windows CE 3.0 system, even though it could only run on a Diebold touch-screen if it were customized.” To which the Wyle Labs rep responded, “Well . . . you can read it that way . . .” What the Wyle rep failed to grasp, or chose not to, is that once you have customized the Windows CE software it must undergo a source code review as required of any customized code by the FEC rules. It didn’t and the Diebold Internal Email of April 15, 2002 stated, “We do not want to get Wyle reviewing and certifying the operating systems.” And that’s fraud!


more at:
http://spidel.net/blog/?p=771#more-771
http://www.spidel.net/download/RRLee-WINCEdeclaration.pdf
http://www.spidel.net/download/wincefraudwalkthrough.pdf

SO glad he caught that!

This is reaching at straws.

We've gone from accusations of deliberate vote tampering to quibbling over whether a commercial operating system is "off the shelf." How sad.

be trusted to provide equipment that is supposed to be secure and accurate to tally our votes? I don't think so. Quibbling or not, this is a very real issue, and there is likely a reason that stipulation is part of the process.

We can all see where circumventing the process has gotten us. We very likely have a man in the office of President who really shouldn't be there, along with quite a few of his cronies in the states. To me, that is a chilling thought.

Windows CE is not just a toolkit - and I'd hate to think political opponents could come after me (I develop software for goverments too) with a bogus claim like that.

I would be happy to finish my life without knowing much about the nuts and bolts of Windows CE, but since we are here....

Setting aside the semantics of "Commercial Off The Shelf" or "toolkit," do you think this argument is trivial because any third-party components used in conjunction with CE are also Commercial Off The Shelf? or could it plausibly be argued that there is a loophole here to evade review of fraudulent code by characterizing it as a third-party driver (or whatever)?

I find the argument trivial because Windows CE is not a toolkit; like all versions of Windows, a toolkit is available but that's not the issue here. Diebold is accused of fraud - if this is the only accusation I'm telling you it's bogus ... and I'll be curious if you can find any other professional who will assert otherwise.

It seems to me that the question of whether Diebold "defrauded the... process" is separable from the question whether there is a loophole in the process (or perhaps "loophole" is not the right characterization). And then there are the semantic questions, which really don't interest me at all -- "toolkit" wasn't even in the OP.

In the OP, Debra Bowen (who is probably not a Windows CE expert) asserts, "Diebold has the source code for Windows CE and can modify core features...." And Michael Shelby, whoever that is, says, "...once you have customized the Windows CE software it must undergo a source code review as required of any customized code by the FEC rules." True? Reasonable?

I'm one of the folks around here who will actually pay attention to something beyond whether you seem to be "pro-Diebold" or "anti-Diebold."

I quote

>Windows CE is effectively a “kit”

Nope. It's an operating system just all the other versions of Windows, off the shelf and ready to manage hardware with software.

Having the source code doesn't mean you can or have tampered with the OS itself. I'll agree, of course, that if Diebold did recompile Windows CE, the code would have to be shared with those who already review the rest of the application's source.

Win CE is an embedded OS. It's NOT just like other versions of Windows. It HAS to be customized to work. And see post #11.

If it's modified, which is necessary to get Win CE to run in ANY embedded system such as an ACCUVOTE TS DRE, or for that matter a refridgerator, then it's no longer COTS.

Rebecca Mercuri and Vince Lipsio co-chaired the IEEE Task Group that was responsible for developing standards about this stuff. Here's an article on VoteTrustUSA about that process:

<http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1295&Itemid=26>

Even if Diebold didn't defraud anyone, the standards process was "set up" to exempt COTS from scrutinty by the ITA labs who test this junk. If Diebold managed to circumvent that process by incorrectly claiming that Win CE was COTS, that adds insult to injury.

Ms. Weinberg tends to be sympathetic to Diebold because she says she's "seen the source code." Well lots of people have but unfortunately, that doesn't include the operating system -- Win CE -- or ANY ballot definition file for any election.

Now can someone fix this damn DU spell checker or is THAT COTS too?

Article that explains how Diebold alters the Microsoft operating system:

Part of the Voting and Elections web pages
by Douglas W. Jones THE UNIVERSITY OF IOWA Department of Computer Science
Furthermore, it is emerging that the version of Windows CE used by Diebold is both heavily customized and full of dynamically loaded libraries. As a result, there are strong grounds for the conclusion that the operating system is not unmodified commercial off the shelf software (COTS), and that with this extensive use of dynamic linkage, we cannot even tell if the system being run on a particular voting machine resembles the system that was disclosed in the configuration documents submitted with this system when it went through the FEC/NASED approval process.
http://www.cs.uiowa.edu/~jones/voting/dieboldftp.html

Other articles:

Diebold and other ATM vendors say they're "hardening" the installations
of Windows they ship with their ATMs by disabling unnecessary services and ports and removing files that support peripherals
http://www.computerworld.com/networkingtopics/networking/story/0,10801,89119,00.html

Diebold patched the Windows CE operating system in Georgia:
"Williams does acknowledge, however, that a month and a half before the
November election, he worked with Diebold to apply a patch to the Windows CE operating system. The voting machines run on version 3.0 of Windows CE, he said, and they patched it to correct problems they were having with the system"
http://www.votescam.com/Patchelections.php

The question is: what software has the means and opportunity to change the contents of vote data? Operating system software, device drivers, application software (like GEMS or the code running on Diebolds in-precint voting machines) all have the means to affect the contents of vote data.

because it was defective, not as advertised, do I get to roll the dice and vote again!

in partisan politics right now, so he took a leave of absence from BBV. I hadn't heard from him or seen him posting in a couple of months, so I called him to ask what was up. He's back living in Sacramento and working to help get Debra Bowen elected. Partisan politics and a 501(c)3 apparently don't mix.

funny, partisan politics.. He is a republican with very democratic values....

Blue, Red, Green, whatever -- together we're all Orange.

was "Happiness is a confirmed kill". Not a very Democratic value in my book. This is also the man who crowed about how rich Diebold was going to make him. So far, it made him $76,000, though as a result a whistleblower is now facing three felony charges.

See this report from April 2004.

http://www.ss.ca.gov/elections/ks_dre_papers/diebold_report_april20_final.pdf

1. marketed and sold the TSx system before it was fully functional, and before it was federally qualified;

2. misrepresented the status of the TSx system in federal testing in order to obtain state certification;

3. failed to obtain federal qualification of the TSx system despite assurances that it would;

4. failed even to pursue testing of the firmware installed on its TSx machines in California until only weeks before the election, choosing instead to pursue testing of newer firmware that was even further behind in the ITA testing process and that, in some cases, required the use of other software that also was not approved in California;

5. installed uncertified software on election machines in 17 counties;

6. sought last-minute certification of allegedly essential hardware, software and firmware that had not completed federal testing; and

7. in doing so, jeopardized the conduct of the March (2004) Primary.

....what would HR 550 do in a situation like this? Not a thing, that I can tell.

It's a part of the flaws in 550 that it doesn't put the hammer down on such shenanigans.... imo.

They stole millions of votes. You think they will stop trying just because 550 is law? 550 needs teeth. Where's the teeth?

If you had, you would know the answer.



This makes the certification process null and void, since now ANY group or individual programmer would be able to examine the code and determine whether it met the certification standards.

Maybe it is just me, but I think that is an awfully BIG hammer.

Christ on a crutch!

I'm not as intimate with the bill as you are so I wonder, based on above, what is supposed to happen when any person inspects and objects to the code?

the enforcement provisions are found in the HAVA bill. Generally, failure to comply with HAVA is punishable by civil action by the federal government, including injuctions, declaratory judgements, etc. Failure to comply with such judgements would result in fines and/or imprisonment. Simple failure to comply could also result in loss of federal funding, aside from other punishments.

Enforcement is in the hands of the Justice Dept, specifically, the Attorney General, which means nothing at the moment given the occupation government.

I would like to see specific criminal penalties, but to be fair that is really for states to look after (NC s.223 makes violations class I felonies).

I appreciate what you are saying, first of all, that it is HAVA and not 550 that informs enforcement terms. Further, your point about the Justice Dept. making all things optional is well taken.

In light of both of these things, I'll say what I've been keeping to myself as I've stayed out of the entire 550 debate - the bill is moot and totally pointless, as are all legislative proposals. Laws no longer have meaning. I'm not suggesting we all go out and start running red lights or robbing banks. But let's recognize that the lack of assurance that a law will be followed or enforced makes that law useless.

It is disingenuous to say there is value in a citizen's ability to inspect code when there can be no guarantee of repercussions should the inspection reveal problems. Advocating for legislation today only reinforces the position of collective helplessness we are in. I submit there is a correlation between the amount of effort we exert attempting to influence federal legislation and representatives in general, and the amount of power and control exerted over us. To "take the power back" means to stop enabling and empowering those who have already abused their authority at our expense. As far as I'm concerned, this government is illegitimate and has no right to make new laws for us to have futile and divisive debates about.

To change the course we're on, We The People must act locally and in a fashion that withdraws both our Consent to and complicity in the practices that are harming us. Peaceful revolution is necessary, NOW!

Thank you for pointing this out. Since the equipment ,that diebold uses, is unable to reveal source code among other irregularities, why is it being used. It is illegal-right?