Author: Luther Weeks

Has LHS Director Challenged Brad To A Debate?

Do I seem to be irate? You bet and it has nothing to do with the legitimacy of electronic voting, which I have also questioned.”
– Ken Hajjar, Director of Sales & Marketing, LHS

Brad Friedman, a nationally know election integrity advocate has received an e-mail allegedly from Ken Hajjar, LHS, Director of Sales and Marketing. (LHS is the New England distributor of Dieblod equipment responsible for the sale to Connecticut).

Given the foul and ranting nature of the attack I would hope the letter is a fake. I would question the wisdom of relying on the author to be involved in any way in running our elections. I’ll spare the not so nice parts of the letter, you can read the whole thing and Brad’s response here.

I used to think that all of the looney idealogues(sic) were on the right. There are just as many on the left and you are one of them. … It’s not the machines that are the cause of our problems, it’s the people…Pick a forum and I’d be happy to discuss how we run elections in New England and how difficult, if not impossible it is to game the system. Bring it on.

The author of the letter does not represent the voters of New England and should not be telling anyone how we run elections.

Unfortunately, here in Connecticut we are about to have our 1st election entirely run on Diebold equipment purchased through LHS and to add to our risks the state has contracted with Diebold to program all of our elections. So in that sense Ken Hajjar, LHS, and Diebold will be running our elections, and not letting us in on how they are programmed.

Brad has accepted the challenge. We will keep you updated.

Update: Ken Hajjar responds to Brad

Continue reading “Has LHS Director Challenged Brad To A Debate?”

Kentucky AG and Sarasota FL – Diebold AccuVote-OS in Jeopardy

“Any voting systems subject to manipulation and corruption should be reexamined and decertified,” [Kentucky Attorney General Greg] Stumbo said. “Faulty electronic voting systems jeopardize the public’s confidence in Kentucky’s elections.”Stumbo’s concerns are based on serious security flaws identified by experts in California, which led to emergency decertification of the voting machines by California.

Read the entire Kentucky story

But the state has worries that hackers could breach the security of the optical scanners made by Texas-based Diebold Election Systems and used by 31 Florida counties.

If the Diebold machines are not certified Aug. 17, the only effect would be felt in Sarasota County

Read the entire Florida story

Update: Florida says Diebold corrected problem in record time.

Update: The Florida report on the Diebold corrections Not exactly a ringing endorsement:

We conclude by re-stating that this report does not contistitue a comprehensive security analysis. We limited our investigation to four specific flaws. In spite of repairs made, signigicant security vulnerablity continues to exist in the code base.

NPR Programs Explain Issues and Vulnerabilities

Update: Media Matters covers distortions in media coverage of CA decertification

Two recent NPR programs clearly explain the issues in easily understandable terms for the general public.

Science Friday, August 4th, Matt Bishop, University of California, Davis Red Team Leader and Security Expert, Professor Matt Bishop, describes clearly how security can be compromised. Also disputes Diebold response.

 

Like a bank taking all of its money, putting it in a room, and shutting the door and then saying no one will ever find this room so we’re not going to waste money on a lock…

Companies or customers…entirely by accident leak information…

Keeping the information secret assumes that people can’t figure things out and attackers are incredibly ingenious. There’s a technique known as social engineering where you can often get people to reveal information they didn’t realize they were revealing <Listen>

Morning Edition, August 8th, by Pam Fessler, “Voting Officials Wary About Electronic Ballot” Short interviews with voting advocates and Debra Bowen summarizing the issues, while other voting officials downplay the risks and emphasize their reluctance to work to protect our votes.

Continue reading “NPR Programs Explain Issues and Vulnerabilities”

EVT07 Electronic Voting Technology Workshop

Yesterday was the USENIX/ACCURATE Electronic Voting Technology Workshop held in Boston. Today I will give some overall impressions and highlight just one of the relevant papers.

UPDATE: Avi Rubin blogs on session with Debra Bowen
(inappropriate certification processes for electonic voting)

For me it was a highly educational and engaging day. My experience at conferences with highly academic papers, was in the mid 1980’s when for several years I participated in annual Artificial Intelligence conferences. At those conferences I found the general sessions very useful but the academic papers were very detailed, seemingly crossing the t’s and dotting the i’s on previous papers, those sessions went well beyond my tolerance for detail. The papers presented at the workshop yesterday were all clear and interesting, timely, and most were relevant to voting in Connecticut.

Seeing and meeting the other attendees was also a highlight of the day – researchers whose papers and blogs I’ve read, talked to previously, and who have made huge contributions to raise awareness of the risks of electronic voting. It was also hopeful to see a considerable group of researchers who work with state election officials and three election officials. Alex Shvartsman of Uconn and several of his students were there presenting one of their recent papers. Clearly the most appreciated attendee was Debra Bowen, Secretary of the State of California.

Sixteen of forty-two submitted papers were presented. A huge increase from the eighteen papers submitted last year. Doug Jones from Iowa, who testified to the CT Legislature a year lor two ago, was one of the organizers. He expressed the hope that next year more papers would be available that point the way to improved, reliable voting methods. Most of the papers this year demonstrated the lack of security and reliability in existing e-voting equipment. Several pointed the way for more effective post election paper audits. The final three papers presented five innovative ways that might enhance the voter attractive touch screen voting to make it private and auditable — unfortunately, for the most part, they accomplished the security by requiring a lot of sophistication on the part of the average voter.

 

I have covered the Uconn paper previously I will cover a paper relevant to Connecticut, from Princeton, here and perhaps more papers on other days.

The Princeton University paper:

Continue reading “EVT07 Electronic Voting Technology Workshop”

Brennan Audit Report and Connecticut – a Discussion

On August 1st, The Brennan Center for Justice released: Post-Election Audits: Restoring Trust in Elections. The entire report is quite readable without requiring knowledge of statistics, voting laws, or computers. I recommend it as a compurehensive introduction to the issues of auditing elections.

This post will discuss the report’s relation to and implications for Connecticut’s new election
audit law.

First, let me thank all of those involved in creating and contributing to this report. The Brennan Center, The Samuelson Law Clinic, and the members of the ‘Audit Panel’. The audit panel included several individuals from Verified Voting and staff from the Office of the Secretary of State of Connecticut. The Connecticut panelists alone were four of the entire panel of seventeen. As the report states, “Opinions, findings, and conclusions or recommendations … are soley of the authors and the Brennan Center”.

While we seldom agree on everything, the the staff of the Office of the Secretary of the State have always been responsive and available. The Secretary has also always been responsive and I have no doubt that she is committed to fair elections with integrity. When the Secretary changed course to specify optical scan machines in early 2006, she demonstrated the kind of flexibility and openness that will be necessary to apply the conclusions contained in this report and the reports from California to the benefit of Connecticut voters.

Perhaps the most basic findings of the report and the most challenging to recently enacted Connecticut law are:

Of the few states that currently require and conduct post-election audits, none has adopted audit models that will maximize the likelihood of finding clever and targeted software-based attacks, non-systemic programming errors, and software bugs that could change the outcome of an election…
Based upon our review of state laws and interviews with state election officials, we have concluded that the vast majority of states conducting audits are not using them in a way that will maximize their ability to improve elections in the future.(emphasis added)

Strickingly, these finding were based on an earlier version of Connecticut’s law that was proposed by the Secretary but later watered down considerably. From the Brennan report: “Connecticut, California, and Illinois check all races on the ballot during a post-election audit”.

Continue reading “Brennan Audit Report and Connecticut – a Discussion”

CA Secretary of the State Decertifies E-Voting Machines

In a late night, 11:45pm, press conference Debra Bowen decertifies e-voting machines. Will allow one DRE per polling place, which must have paper ballot hand counted.

BradBlog reports on the press conference.

The CA Official site.

Secretary of State Debra Bowen began her top-to-bottom review of the voting machines certified for use in California in March 2007. The review was designed to restore the public’s confidence in the integrity of the electoral process and to ensure that California voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible. On August 3, 2007, Secretary Bowen announced her decisions regarding which systems in the review will be permitted to be used in the 2008 elections and beyond.

The CA Decertification of Diebold equipment.

Diebold…AccuVote-OS[to be used in CT]…which was previously approved. is found and determined to be defective or unacceptable and its certification and approval for use in subsequent elections in California is immediately withdrawn except as specifically provided below.

1. In order to provide accessibe voting to voters with disabilities in compliance with HAVA, juristictions may use no more than one AccuVote-TSx per polling place..

The document goes on with stiff re-certification requirements which include various restrictions and procedures for use and stiff requirements on Diebold for plans and actions to make the systems secure. At first reading they seem appropriate, yet unlikely to be met.

Updates..

Continue reading “CA Secretary of the State Decertifies E-Voting Machines”

CA Software Reports Released – Diebold subtracts from democracy

Update: Talk of the Nation Interview – Red Team Leader    ” [relying on procedures] indicates a very high belief in human infalibility.”

Executive Summary:

Vulnerability to malicious software

The Diebold software contains vulnerabilities that could allow an attacker to install malicious software on voting machines or on the election management system. Malicious software could cause votes to be recorded incorrectly or to be miscounted, possibly altering election results. It could also prevent voting machines from accepting votes, potentially causing long lines or disenfranchising voters.

Susceptibility to viruses

The Diebold system is susceptible to computer viruses that propagate from voting machine to voting machine and between voting machines and the election management system. A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county’s voting machines.
Thus, large-scale election fraud in the Diebold system does not necessarily require physical access to a large number of voting machines.

Vulnerability to malicious insiders

The Diebold system lacks adequate controls to ensure that county workers with access to the GEMS central election management system do not exceed their authority. Anyone with access to a county’s GEMS server could tamper with ballot definitions or election results and could also introduce malicious software into the GEMS server itself or into the county’s voting machines.

Continue reading “CA Software Reports Released – Diebold subtracts from democracy”

Likely that state’s largest election will go unaudited

The Norwich Bulletin reports concern in Plainfield because the ballot for a charter revision may reach three pages. No mention in the article that the state’s new audit law does not provide for random audits of ballot questions. Apparently huge concern in Norwich over cost of ballots, yet they have likely spent thousands on developing the charter revisions and will put it all at risk for a relatively small amount as at least that part of the election goes unaudited.

Read the full story

An hour with the Secretary of the State

Susan Bysiewicz live blogged tonight on MyLeftNutmeg. MLMBlog

I asked two questions and got two answers, both of which were disappointing in different ways.

But 1st let me say that I endevored to ask reasonable questions and make reasonable comments. There were two bloggers there that asked very confrontational, long, and sometimes insulting questions. I note that one of them registered only on July 24th, and has not blogged until today, with the name LiveFreeOrDie, I suspect someone from out of state. I note that the other, obviously from CT registered on April 17th, but has not commented until today.

Although the Secretary was to take questions on four subjects, the vast majority were on voting machines.

WHAT I LEARNED

– She started with a long entry, probably prepared ahead. The news for voting integrity was that she referenced the anticipated Brennan Report, to which she provided a link. (It is 40 pages plus another 50 in appendixes). I attempted scanning it quickly it appears to be more of a survey confirming many other reports without taking many strong stands. Yet, it will take a real read to really see what it has to offer. Report.

– I asked if she was happy with the confidence levels of 2-4% of detecting fraud in municipal and state legislateive races. She said “NO”. But, in reality it is clear she confused the 10% random district audit level with the resulting confidence level. So, not surprisingly, we learned that she, like many seems to have a weak grasp of statistics, at least in a fast blogging session. Unfortunately, the one hour blog session is not an environment suitable to educating on such subjects. I am sure most people can understand enough if we could actually sit down with their full attention for a few minutes.

– I asked that if when SB1311 mentioned primaries, elections, and races, if it included referendums and questions in audits?. I was disappointed to have my suspicions confirmed that they will not be audited. And pleased that she expressed the possibility of working on that in the future.

I would hope that she and other officials are not detered from similar sessions.

Is Diebold ineligible in NY?

Memo to Governor Spitzer:

New York State Law Prohibits State from Entering into Contract with Any of the Vendors under Consideration

New York State is enjoined from doing business with vendors who lack business integrity or whose past performance is wanting…none of the voting machine vendors New York is presently considering doing business with are eligible for contracts.

Not that the laws or lack thereof in Connecticut should preclude us from concern that each of our individual races, and precincts are programmed for each election in secret by Diebold employees.

Read the report