http://www.scoop.co.nz/mason/stories/HL0307/S00224.htm

Diebold's Press Release In Response To Johns Hopkins Report
- Technical Response To The Johns Hopkins Study - 25 July


**************
1. SYNOPSIS OF THE STORY SO FAR

Diebold voting machines are used in 37 states. Four computer scientists
published a 24-page paper last week, announcing stunning flaws that
appear to make vote-tampering easy.

DIEBOLD REBUTTAL: "We believe that the [voting machine] software code
they evaluated, while sharing similarities to the current code, is
outdated and never was used in an actual election." "...the study did not
use our current software code." http://www.dieboldes.com. 

YES, the code examined by the scientists was used in actual elections.
Evidence is provided below, along with questions you can ask Diebold to
clarify their statement. 

QUICK RECAP: The first-ever public examination of voting machine
software, obtained when Diebold left it in the open on an obscure but
public web site, revealed stunning flaws. "Our analysis shows that this
voting system is far below even the most minimal security standards
applicable in other contexts." -- Researchers from Johns Hopkins and Rice
Universities (already tagged as the "Hopkins Heroes"), in a paper just
released: "Analysis of an Electronic Voting System"
http://avirubin.com/vote.pdf . Remote access has been left unprotected,
encryption keys have been made available to hackers, and you can vote
more than once.
There's more: http://www.blackboxvoting.org/access-diebold.htm -- You can
overwrite votes. The system is vulnerable to both inside and outside
attacks. Intruders can change audit logs. You can assign passwords to all
your friends. (A list of links to news articles from last week is
available at: http://www.scoop.co.nz/mason/stories/HL0307/S00219.htm )

HOW TO STAY AWAY FROM TECHNOBABBLE: For general audiences, this is a
story that might evolve into intimidating bafflegarb, but it doesn't have
to, and here's why: Not everyone understands discussions about computer
languages, but everyone knows what a cover up is. First, decide whether
Diebold gives honest and complete answers. 


*************
SEE SCOOP'S FULL COVERAGE OF:

A VERY AMERICAN COUP

*************

2. DEBUNKING THE DIEBOLD REBUTTALS

Diebold and two state elections officials have come up with nine
rebuttals. Most are posted on the Diebold Election Systems web site
http://www.dieboldes.com; some were statements made to the press last
week.

1) The software that's been examined is old and not used in elections

2) The research "overlooked the total system of software, hardware,
services and poll worker training that has been so effective in
real-world implementations." / Used the wrong hardware. 

3) Diebold voting software is constantly updated and improved

4) Diebold software undergoes a series of certification processes

5) "We have been using the systems now for a year and a half, with great
success."

6) The touch screens are never connected to the Internet or a public
network, eliminating risk by remote access.

7) "If there is a failure or a compromise of one unit, we go get everyone
and ask them to vote again." (From Maryland official). 

8) The system could be manipulated only by someone who brought a laptop
to the voting booth and modified the voting machine. (From a Georgia
official)

9) The Johns Hopkins/Rice University scientists spend too much time in an
ivory tower.


3. QUICK DEBUNK:

1) The software that's been examined is old and not used in elections.
Easy to prove:

a) The FEC requires that each software version be certified.

b) The certification number is assigned by the National Association of
State Election Directors (NASED) and is accompanied by a "version
number."

c) Matching version numbers are included in the source code examined by
the Hopkins Heroes.

d) In most states, it is illegal to use a software program that does not
match the certified source code. It is completely improper to have any
extra sets of source code with the same version number but different
code. The NASED-certified versions of the Diebold touch screen program
match the version numbers in the source code. Therefore, the source code
examined by the Hopkins/Rice scientists must be the same as the certified
version used in elections. 

e) Questions to ask Diebold: Please identify all versions used in
elections. Were they all certified? Can you fax me that statement? If
this software has changed, how was it changed? Which, if any, of the
flaws noted in the "Analysis of an Electronic Voting System" report were
fixed? How?

f) Basically, Diebold is saying pay no attention to the horrifying
stupidity of the secret source code that was examined, because now they
have new secret source code.

2) The research "overlooked the total system of software, hardware,
services and poll worker training that has been so effective in
real-world implementations." / They ran the tests on the wrong hardware. 

a) These factors are irrelevant to the specified defects in the
implementation code. "Hardware, services and poll worker training," no
matter how good they are, don't fix flawed software code.

b) The machines might be fun to vote on, but you judge a voting system's
effectiveness by whether it counts votes accurately. Since there is no
underlying paper verification, Diebold can't prove the systems were
accurate.

c) An examination of the "hardware, services and training" reveals new
areas of concern. 

[1] Hardware: According to technicians who set up the hardware in Georgia
(see interview: http://www.blackboxvoting.org/robgeorgia.htm) the touch
screens experienced high failure rates, requiring vanloads of people to
drive around the state of Georgia trying to fix all of them in a hurry.
One tech reports "cannibalizing" machines, trying to find enough working
parts to cobble together hardware that actually worked. 

[2] Training: Is this an example? "AccuVote-TS results should be
transmitted to the GEMS host computer either before or after AccuVote-OS
transmission, but not before." (page 356 of the User Manual from the Pima
County upgrade).

[3] Services: Another User Manual invites everyone to download files from
an unprotected ftp site (page 221 of GEMS User Manual).

d) Questions for Diebold: Please address each of the problems noted in
Section 3 of that report and explain how the "total system" fixes these
things.

e) Diebold makes an obtuse, or deliberately misleading, argument when
they say that the researchers, "ran the tests on the wrong system". The
researchers examined the source code. Source code (see below) is a set
of commands. It is very much like math formulas. Now, 1+1 equals 2,
whether you are on a train, in the rain, in a box, or with a fox. The
source code does not suddenly jump up and behave differently when you
switch computers. Computer scientists can analyse how a system works
without ever installing it on a computer, by looking at the source code
commands, and that is what these researchers did. 

3) Diebold voting software is constantly updated and improved

a) And that brings us to the programmer comments, which do everything but
ring the liberty bell shouting "Danger! Danger to Democracy!" Here are
excerpts from the programmer comments in the Diebold source code,
examined by Bev Harris:

"Correct heinous logic reversal when recording non-proportional races."
-- "Enter a start condition. This macro really ought to take a parameter,
but we do it the disgusting crufty way forced on us by the ()-less
definition of BEGIN." -- "Fixed problem that caused an error when view
ballot results." -- "Fixed bug in BallotDLG when ballot with the votes
appears after touching Start button or anywhere else on the screen couple
of times." -- "Remove mmio.c from repoditory [sic] since the code has
been moved to the DLL. Reimplemented MMIO functions, as MS is too effing
lazy to provide them under CE. Most of this is cribbed from the Wine
Project."

b) Every time you make changes in a complex system, you introduce new
problems: How many more weaknesses and errors were introduced?

c) This may be redundant...but, you're not supposed to be updating code
without going through certification again.

d) The real point is that there must be a disciplined and managed
engineering process for creating such systems, and that process
(generally called SDLC - Systems Development Life Cycle) must meet
certain standards (IEEE, ISO-9000) for reliability. 

e) Flawed processes produce unreliable products.

f) Questions to ask Diebold: Does the current code still exhibit the
defects pointed out by the Hopkins Heroes? How can we know? Who will show
it to us? Since it got by the certifiers the first time, why should we
trust them to check any updated versions? What's in the updated versions?
Have they been tested anywhere? Where? By whom?

g) More questions to ask Diebold: Are these updates intended to bring the
software into better compliance with established regulations? If so, does
this mean that software actually used in elections was in fact not
compliant before the upgrade? Please explain which elections were run on
versions in which these defects had not yet been fixed.

h) More questions for Diebold: Is your changed, updated software being
held in escrow in state offices? Do they still have the older versions?
Who does? How do we know the versions you send in for certification are
the same as those on the machines? The checksum? But wouldn't that go all
woozly after three or four of these unexamined "patches" you keep
slapping on there? (For information about unexamined patches, go to
http://www.blackboxvoting.org/robgeorgia.htm and
http://www.blackboxvoting.com "topics" "interview with Paul Miller.")

4) Diebold software undergoes a series of certification processes

a) Certification is not relevant to demonstrated code defects.

b) Shall we ignore the fact that the old horrifying code also passed the
'certification' and the certification is therefore worthless?

c) Until now, the ONE national certifier (because a closer examination
shows that everyone bases their certification on his seal of approval)
has not seen fit to answer any questions and can't be reached for comment.

d) As for the state people actually looking at the source code, Bev
Harris interviewed several and hasn't found a one that does. They do love
to tell you about "logic and accuracy tests" which will not catch the
fraud mechanisms identified by the Hopkins Heroes. The technician
interviewed in Georgia said the L&A tests took about a minute and a half
and consisted of entering "one vote, any vote would do." 

5) "We have been using the systems now for a year and a half, with great
success."

a) Time in the field is not relevant to demonstrated code defects.

b) Define "success."

c) Johnson County, Kansas: When 125 votes showed up in the write-in
column in a single precinct, election workers decided to print each
individual ballot. They found that six races showed discrepancies between
the votes recorded on the touch screen and the votes reported by the
Diebold program on the county computer. CEO Bob Urosevich showed up, but
couldn't explain the error. He said the machines worked splendidly, they
just gave the wrong totals. 

d) In Georgia, during the November 2002 election, poll workers were
instructed to turn machines off and on during the election due to a
"buffer problem." This was after at least three sets of program updates
were applied to the machines, due to machine crashes and other errors
occurring on 25 percent of the machines. 

6) The touch screens are never connected to the Internet or a public
network, eliminating risk by remote access.

a) The touch screens are enabled for wireless connectivity. They can
communicate with each other at the precinct when the wireless modem card
is in the slot. The county network machine, which also connects to the
Internet, sends ballot information into the touch screen machines. The
touch screens also connect back to the county by modem, to upload
results. The county computer, in turn, is sending its results to a web
server and (optional) also to a wide area network at the state office.
For added fun, a router with a modem bank connects the touch screens into
the county network. There are multiple points during the election process
where remote access is a concern of critical importance.

b) Diebold and various other officials are telling whoppers about remote
connectivity, which is without a doubt the most critical security
function of all. For additional public statements made by Diebold about
this, see http://www.blackboxvoting.org/lies.htm.

7) "If there is a failure or a compromise of one unit, we go get everyone
and ask them to vote again." (From Maryland official David Heller,
project manager for Maryland's voting system implementation).

a) Laughable on its face. Can you picture running around the city of
Baltimore looking for 300 voters to get them to come back and vote again?

b) Question for Mr. Heller: What provision in the law allows voters to be
called back to the polls to "re-cast their votes?"

c) Question for Mr. Heller: When would that check of the touch screen
likely be done? After the polls close. This is not practical in any real
world voting situation. Call voters back and let them re-cast their
ballots? When? The night of the election? The next day?

d) Sounds like complete hooey.

8) The system could be manipulated only by someone who brought a laptop
to the voting booth and modified the voting machine. (From a Georgia
official, Michael Barnes of the Georgia Elections Division) 

a) Two words: Palm Pilot

b) What about an iPaq? Small, powerful, easily concealed.

c) In fact all you need is a forged voter card.

9) "The Johns Hopkins/Rice University scientists spend too much time in
an ivory tower." And further elaboration, by Michael Jacobsen, spokesman
for Diebold: "Electronic election auditing and security is a very complex
and multilayered process, which is not always well understood by
individuals with little to no real-world experience in developing and
implementing such a process."

a) Whew! Let's not worry our pretty little heads about it then, shall we?


4. BACKGROUNDER ON SOURCE CODE FILES

"Source code" contains the commands given to the computer that tell it
how to execute the voting program. Many people are surprised to learn
that source code files consist of English-like programming commands.
Source code is human readable. It is then compiled to make it
machine-readable. 

What the Hopkins/Rice scientists examined was the source code "tree" for
the Diebold AccuVote Touch Screen software. The tree contains the history
of the software development process. In the source code tree you find
version numbers, dates, programmer IDs, and comments that explain
changes. Each change is numbered, and can be tied into the "version
number." Therefore, it is easy to see whether the official
NASED-certified version number is the same one as that contained in the
source code examined by the Hopkins Heroes.

Here are excerpts from the source code files studied by the Hopkins/Rice
scientists (Note: According to NASED web site, current certified version
is "v4-3" and a previously certified version was "v4-0-11"):


# # # # # #

---- > From TransferElecDlg.cpp module downloaded from the FTP site

v4-3-Simulator:1.20.0.2
v4-1-11-0:1.15.4.1
v4-1-10-0:1.15
vp4-1-4-0:1.18
v4-1-9-0:1.15
v4-2-4-0:1.15
v4-3-1-0:1.18
v4-2-3-0:1.15
vp-4-1-3-0:1.18
v4-1-8-0:1.15
v4-2-2-0:1.15
v4-2-1-0:1.15
1.20
date 2002.03.05.21.26.51; author tri; state Exp;
branches;
next 1.18;
log
@Fix problem with print VCenter KeyId rather than VCenter Id on label
after download.

1.19
date 2002.02.26.03.00.23; author whitman; state Exp;
branches;
next 1.18;
1.19
log
@Update copyright notice from "Global Election Systems, Inc." to "Diebold
Election Systems, Inc."

1.18
date 2002.01.26.04.57.55; author tri; state Exp;
branches;
next 1.17;
1.18
log
@Changed raw throw to THROW with a message.

1.17
date 2002.01.24.21.17.57; author dmitry; state Exp;
branches;
next 1.16;
1.17
log
@More work on getting download compatible with GEMS's protocol version 5
and higher.

1.16
date 2002.01.24.02.37.02; author dmitry; state Exp;
branches;
next 1.15;
1.16
log
@Make download compatible with GEMS's download protocol greater then
DL2DOWNLOAD_MIN.

1.15
date 2001.10.16.23.30.14; author tri; state Exp;
1.15
log
@Fix problem with virtual memory not being released. Also some clean up
in download.



# # # # # #
Below these headers in the source code, you find the actual commands that
tell the computer what to do. Therefore, if you know that "version
4.0.11" was certified by NASED, you can trace it directly back to the
source code that says "Version 4.0.11." 
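
The tag-to-revision lookup described above, as an added example (not part of the original article and not Diebold's code): a short Python parser over an abridged copy of the header excerpt quoted on this page. The function names parse, key and changes_after are assumptions made for this illustration.

```python
import re

# Abridged from the TransferElecDlg.cpp header excerpt quoted on this page.
EXCERPT = """\
v4-3-Simulator:1.20.0.2
v4-1-11-0:1.15.4.1
v4-3-1-0:1.18
v4-2-4-0:1.15
1.20
date 2002.03.05.21.26.51; author tri; state Exp;
log
@Fix problem with print VCenter KeyId rather than VCenter Id on label
after download.
1.19
date 2002.02.26.03.00.23; author whitman; state Exp;
1.19
log
@Update copyright notice from "Global Election Systems, Inc." to "Diebold
Election Systems, Inc."
1.18
date 2002.01.26.04.57.55; author tri; state Exp;
1.18
log
@Changed raw throw to THROW with a message.
"""

SYMBOL = re.compile(r"^([A-Za-z][\w-]*):(\d+(?:\.\d+)+)$")  # release tag -> revision
REVNUM = re.compile(r"^\d+(?:\.\d+)+$")                      # start of a revision entry
DATE = re.compile(r"^date ([\d.]+); author (\w+);")

def parse(text):
    """Return (tags, revs): tag -> revision, revision -> date/author/log."""
    tags, revs, cur, in_log = {}, {}, None, False
    for line in text.splitlines():
        if m := SYMBOL.match(line):
            tags[m[1]] = m[2]
        elif REVNUM.match(line):
            cur, in_log = revs.setdefault(line, {"log": ""}), False
        elif cur is not None and (m := DATE.match(line)):
            cur["date"], cur["author"] = m[1], m[2]
        elif cur is not None and line.startswith("@"):
            cur["log"], in_log = line[1:], True
        elif in_log and line.strip():
            cur["log"] += " " + line.strip()  # continuation of a wrapped log message
    return tags, revs

def key(rev):
    return tuple(int(p) for p in rev.split("."))

def changes_after(tag, tags, revs):
    """Trunk revisions in the log that are newer than the tagged revision."""
    base = key(tags[tag])[:2]
    return sorted((r for r in revs if len(key(r)) == 2 and key(r) > base), key=key)
```

A release tag ties a name to a file revision in the tree; showing that the binary on a given machine was built from that revision is a separate check.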

There are protocols for writing source code which require the above
process and, according to its sales literature for its voting machines,
Diebold claims to follow those protocols. (Georgia presentation,
Power Point file, found on Diebold ftp site).

In most states, it is illegal to use a software program that does not
match the certified source code. Therefore, the source code examined by
the Hopkins/Rice scientists must be the same as the certified version
used in elections.


QUICK UPDATE: Pima County, Arizona, July 27 2003: The chairman of the
Pima County Democratic Party in Tucson, Arizona says that, if necessary,
they are prepared to take legal action to prevent the use of Diebold
software in upcoming city primary elections, and to enjoin its use until
it can be proven secure and accurate. (Contact: Paul Eckerstrom (520)
326-3716 or Gordon Mustain (520) 325-5607)
