How can you read the memory card on an opti-scan?

I'm an election poll worker and when I took the memory card out of the opti-scan voting machine to send over to the board of elections I wanted so much to see what it read. Setting up the opti-scan was rather simple even for someone with just the basic of computer skills, however I was the only one who took the initiative and set the darn thing up...Anyone know how to read this? Or is it privatized to only the election board... :shrug:

http://search.mysimon.com/search?nodeid=8898&qt=memory+card+reader&page=1

And a hex editor to look at the files directly

or a program like Microsoft Excel or whatever they use as the format to look at the data in the way that the machine builders intended the voting supers to look at it as.

So I'll google memory card reader and see what I come up with...Thanks

there are probably some rules about whether or not just any worker there can happily read memory cards, and possibly accidentally erase them.

Famous last words: "What could possibly go wrong?"

The whole idea of the machines being the proprietary property of the machine vendors is the excuse for shielding the programming from the public, media and even elections officials. When you hear us all balk at secret vote counting, this is what we mean. The info on that card is almost certainly in the unique, proprietary and secret language of whatever vendor is used in your county. The data from the card is likely supposed to be transferred electronically to your central tabulator. Only there can its contents be read and aggregated with the results recorded on the other cards. Of course since this process is not at all transparent, voters may as well just walk up to your Registrar and whisper their vote choices in her ear and let her announce the winner at the end of the day. It is all a ruse meant to give the impression we are still having genuine democratic elections when we are actually having "elections" that simply resemble elections.

of proprietary voting machines, I would also expect that any data on those cards would be encrypted. While I admit that it seems voting machine vendors aren't interested in the security of anything but their profits, encrypting sensitive data should be second nature to whoever programmed this stuff.

memory card. Can't they just count the ballots if in question?

Of course the paper ballots could be used, so why aren't they? Even the audit requirements, if any exist, aren't tough enough to guarantee all discrepancies will be caught. Read this paper recently posted at the Election Defense Alliance website:

http://electiondefensealliance.org/hr550auditflaws

Aside from audit *requirements*, consider that there are enormous obstacles for citizens wanting a hand count, or recount, even if they have the most obvious grounds to question or challenge election results. Just look at all the craziness that was the CA-50 lawsuit in San Diego:

http://wedonotconsent.blogspot.com/2006/08/so-much-for-checks-and-balances.html

Paper ballots are of course essential, but they are meaningless if the rest of the process prevents their use in the counting process.

data is just numbers. I've never touched one of those cards but as Harri Hursti showed, and all the independent studies confirmed, even if they are proprietary, they can be hacked, manipulated and I'm sure with some expertise she could read the data off it.

the crazy thing about this question is... that in a transparent election, the results of each precinct, which in many cases is the results from one machine/card, should be made public -- before, and independently of the reporting from the central tabulator. I've heard of some poll workers describing how they post the results on a piece of paper on the wall before they send the memory card to the central count location. This is a key event if it really happens.

in reality, if the results on the card, or for the precinct, if it has more than one machine, are not made public, they are meaningless. we all know about the vulnerabilities at the central tabulator. so if the precinct results are not known by anyone other than when the final results are announced at the central tabulator, no one knows if the numbers on the card even match what the central tabulator has for that precinct.

so the question is exteremely valid. we need to know the precinct counts or the entire election is, well, questionable.

Not something to argue about here, Gary, but wasn't part of the Alaska saga that the 2004 numbers couldn't be given to the Dems because it belonged to Diebold?

I agree that ultimately this isn't the point here. Precinct counts posted publicly are essential. This is one way I will specifically encourage my local media to speak out on our side - they should be calling for this CA regulation to be followed religiously as it is basically the only step they could take at this time to do any independent verification of the results reported by the elections department from the central tabulator.

Of course I want to get them to go further and join our call for hand counts as the ultimate in documentable transparency. Media *should* be a natural ally in that their credibility should always hinge on their ability to source/document/prove what they report. I strongly encourage everyone to cultivate this message in your community in an effort to change the behavior of your local media.

Here in Humboldt I have arranged a forum on media accountability. On 9/21, at 6pm PST, you can all tune in via www.KHUM.com. I will be part of a panel discussion with editors and news directors and even the general manager of a TV station. I see this as an opportunity for the community to re-define what is required of the media to be considered credible.

yes they argued that the data was also the property of Diebold but that is completely ludicrous. I think they were just trying to hide something and that's what they came up with as a defense.

That's the problem. There are NO mandated standards.

And from almost all accounts I've heard, voting records are easlily hackable, security is almost non-existant and no password is used.

I've heard of one system that used ordinary, unencoded .mdb (Microsoft Access) files. You could edit them with the software provided on any Windows machine!

The scanners and DREs are the client side. They are not quite as bad, but they're bad enough.

But the server side should be the most secure, right? So don't expect any safeguards on the client machines, either.

he not only read it, but reprogrammed it to rig an election, in just 5 minutes. as i understand, used a laptop computer and a commonly available card reader. more info:

http://www.votetrustusa.org/index.php?option=com_content&task=view&id=798&Itemid=51

Go to e-Vote Security section, click on the first Harri Hursti report re Diebold Optical Scan Design, dated 07/04/05, "Critical Security Issues...":

http://organikrecords.com/corporatenewslies/beginner_v2.htm

(gets into details the OP seeks...and much more...pp6,7+)

This person is technologicaly savvy enough to understand that there are several security hurdles between the time the Opti-Scan ballots are dropped through (I used Ink-a-Vote last election, myself) the reader.

They raise this question, "Why do the election results have to be done by 10:00 PM? Just for the local news?"

I suggested that the current method of counting could be used as an exit poll. But the "official" count would be the hand tabulation, at the polling site, of the actual ballots. And that count, of course, open to the public and the press. The key is that the paper itself is the official ballot.

I myself (and the legislator) have no belief that there should be any "corporate proprietary interest" in the software. But, until that issue can be dealt with, count the ballots by hand to determine the winner.

ACCUBASIC is interpreted code and so is partially readable in English. But I wouldn't recommend it.

If you're a poll worker, will you be doing a proper Logic and Accuracy Test of your scanner?

Do you know how? Do you know what a proper test consists of? Is this your responsibility or someone else's?

The poll tapes should print out the totals on the memory card after the election. They should be posted at the precinct, recorded by witnesses from all parties, and checked after the official totals are posted by the county. Of course these totals should match!

The L&A should test the scanner to see that the memory card or any Ballot Definition Programming have not been corrupted before the election. But the test has to be designed correctly. That means casting a random number of votes for each candidate on the ballot for each ballot style to be scanned. Can you make that happen?

Hursti's scanner exploit would not have worked if a proper L&A test had been conducted before the mock election. The bogus vote totals would have been spotted immediately. This is unfortunately, an under-reported FACT. Such tests are almost impossible to run on DREs which is why scanners are preferable if properly tested.

Random auditing is of course also essential!

source: Critical Security Issues with Diebold Optical Scan Design. The Black Box Report. SECURITY ALERT: July 4, 2005, p20



You mentioned "a proper L&A test" would have detected Hursti's exploit if conducted before his mock election. Are the factors cited by Hursti above, in fact, addressable by "proper" L&A testing without "verification of what is inside the card..."?

Or is a re-count of original paper ballots the only way to test the accuracy of e-vote counting machines -- a process made illegal in Florida in 2005 (and in other states???), but as advised by the VSTAAB?

source: Security Analysis of the Diebold AccuBasic Interpreter (Feb 14, 2006, p2)

And I wouldn't test them in test mode. His hack, which messed with the zero totals would have been detected if the scanner were tested in election mode.

what's on the card?,turn in the real card and..Read the copy later?