BREAKING: First News of Debra Bowen's Top-To-Bottom Review of California Voting Systems

Listen!

I'll update as more comes in.

K&R

Brad Friedman just reported on the radio (at above link):

Bowen's teams were able to bypass physical and software security for every system tested!

Decisions on what to do won't come until next Friday, whether to certify systems, decertify or require mitigations

Public hearing in Sacramento, CA Monday 7/30 at 10:00 a.m.

There were source code reviews and hack tests...

More to come. As available, report will be posted here.

At this link.

Here's a bit more, thanks to BRAD BLOG commenter LeftIsBest:
1. Security teams were able to bypass both physical and software security in every system they tested.
2. SOS wants input from people who will read the several-hundred page report of findings over the weekend.
3. No recommendations made yet - awaiting input Monday
4. Public hearing at 10 a.m. Monday (7/30/07) at the SOS auditorium in Sacramento and continue that day until all testimony is taken.
5.Web cast likely via CalChannel live. Will also be videotaped and archived on Monday.
6. L.A. County's InkAVote is in limbo - since there was such delay by ES&S - uncertain how long it will take to deal with them - status up in the air.
7. Decisions WILL be made on EVERY system (Sequoia, ES&S and Diebold) by August 3rd.
More to follow as call continues!
Chat room

I love GREG... He is the TRUTH teller!

I hope some DUers will read the report and attend the meeting.

Bowen rocks:headbang:

:thumbsup:

I heard California Secretary of State Debra Bowen testify in Congress a few months ago. She was asked whether this top-to-bottom review of all of the voting systems certified in California could result in her decertifying any voting systems. I remember her response word for word:

"Yes."

And now here we are. If any or all of the electronic voting systems are decertified in California, this could snowball across the country. It will at the very least give opponents of "black box voting" a powerful new tool for fighting these machines, that disenfranchise voters by the thousands, if not millions.

Bowen's backbone may keep California from going "red" in 2008. And that's a very, very big deal.

I listened to Greg Palast in Chicago, and was hopeful that this information would come out. I look forward to watching him tonight on PBS.

Audio archives of today's show here

There will be live coverage of Monday's public hearing on BRAD BLOG as well.

This according to John Gideon, of Daily Voting News.

6.1 Sequoia
The red team analyzing the Sequoia system identified several issues. They fall into
several classes:

1. Physical Security. The testers were able to gain access to the internals of the systems
by, for example, unscrewing screws to bypass locks. The screws were not protected
by seals. Similarly, plastic covers that were protected by seals could be pried open
enough to insert tools that could manipulate the protected buttons without damaging
the seals or leaving any evidence that the security of the system had been
compromised.

2. Overwriting Firmware. The testers discovered numerous ways to overwrite the
firmware of the Sequoia Edge system, using (for example) malformed font files and
doctored update cartridges. The general approach was to write a program into
memory and use that to write the corrupt firmware onto disk. At the next reboot, the
boot loader loaded the malicious firmware. At this point, the attackers controlled the
machine, and could manipulate the results of the election. No source code access was
required or used for this attack, and a feature of the proprietary operating system on
the Edge made the attack easier than if a commercial operating system had been used.

3. Overwriting the Boot Loader. Just as the testers could overwrite firmware on the
disk, they could overwrite the boot loader and replace it with a malicious boot loader.
This program could then corrupt anything it loaded, including previously uncorrupted
firmware.

4. Detecting Election Mode. The firmware can determine whether the system is in test
mode (LAT) or not. This means malicious firmware can respond correctly to the preelection
testing and incorrectly to the voters on Election Day.

5. Election Management System. The testers were able to bypass the Sequoia WinEDS
client controlling access to the election database, and access the database directly.
They were able to execute system commands on the host computer with access only
to the database. Further, the testers were able to exploit the use of the autorun feature
to insert a malicious program onto the system running the Sequoia WinEDS client;
this program would be able to detect the insertion of an election cartridge and
configure it to launch the above attacks when inserted into an Edge.

6. Presence of an Interpreter. A shell-like scripting language interpreted by the Edge
includes commands that set the protective counter, the machine’s serial number,
modify the firmware, and modify the audit trail.

7. Forging materials. Both the update cartridges and voter cards could be forged.
The report presents several scenarios in which these weaknesses could be exploited to
affect the correct recording, reporting, and tallying of votes.

6.2 Diebold

The team investigating the Diebold system identified several issues. They fall into several
classes:

1. Election Management System. The testers were able to penetrate the GEMS server exploiting vulnerabilities in the Windows operating system as delivered
and installed by Diebold. Once this access was obtained, they were able to bypass the
GEMS server to access the data directly. Further, the testers were able to take
security-related actions that the GEMS server did not record in its audit logs. Finally,
with this level of access, the testers were able to manipulate several components
networked to the GEMS server, including loading wireless drivers onto the GEMS
server that could then be used to access a wireless device plugged surreptitiously into
the back of the GEMS server.

2. Physical Security. The testers were able to bypass the physical controls on the
AccuVote Optical Scanner using ordinary objects. The attack caused the AV-OS unit
to close the polls, meaning the machine could not tally ballots at the precinct or
inform voters whether they had “over-voted” their ballot. Similarly, the testers were
able to compromise the AccuVote TSx completely by bypassing the locks and other
aspects of physical security using ordinary objects. They found an attack that will
disable the printer used to produce the VVPAT in such a way that no reminders to
check the printed record will be issued to voters.

3. AccuVote TSx. The testers found numerous ways to overwrite the firmware in the
AccuVote TSx. These attacks could change vote totals, among other results. The
testers were able to escalate privileges from those of a voter to those of a poll worker
or central count administrator. This enabled them to reset an election, issue
unauthorized voter cards, and close polls. No knowledge of the security keys was
needed.

4. Security Keys for Cryptography. The testers discovered that a well-known static
security key was used by default.
The report presents several scenarios in which these weaknesses could be exploited to
affect the correct recording, reporting, and tallying of votes.

more at: http://www.sos.ca.gov/elections/voting_systems/ttbr/red_overview.pdf

*edited to add note to mods: This is public information taken straight from the SOS site; I do believe it is exempted from the copyright limitations, however if not, then please modify as needed.

Monday, July 30, 2007
10:00 a.m.
1500 11th Street
Sacramento

Agenda posted here.

There are three hours of audio, posted in three pieces, divided like this:

HOUR 1: Open lines, news from Bush World, breaking news on Bowen's "Top-to-Bottom Review" of voting systems and Greg Palast on vote-caging et al...

HOUR 2: Open lines, more news from Bush World, and Bryan Myers on details from PBS' NOW report on vote-caging, airing this evening...

HOUR 3: Election Integrity Hour - Details from Bowen's "Top-to-Bottom Review" with John Gideon (report was released while we were on the air), a hand-off to Christine Craft of 1240am Talk City in Sacramento, who will be taking over as Guest Host of the PBC show beginning next week, and also leading a group to Bowen's public hearing next Monday, and tons of last minute callers!...

This is the Peter B. Collins Show, guest hosted by Brad Friedman of The BRAD BLOG.

Thanks for the links.

:kick:

Here they are, on the California Secretary of State website.

:kick: & :toast: (reccomendus interruptus, no 24 hr.+ recommendations)