Category: Reports

Bev Harris has a new video on UTube showing the Hursti Hack in Florida with Ion Sancho and some testimony in New Hampshire by Hari Hursti and John Silvestro. John Silvestro is President of LHS Associates the Diebold distributor in that programs all our elections in Connecticut in secret in Massachusetts. Apparently in New Hampshire also uses LHS to program their elections. We take a few more precautions here but are subject to the same risks. <video>

Here is the accompanying article from BlackBoxVoting <read>

Update: Read more on Mr. Silvestro’s views of outsourcing <read>

My opinion is yes because I feel very confident that the process itself is better left in the private thing than it is in the public venue when I see the influence that each political party can put on people and make things happen in this country whether right or wrong, I mean if you think about it and I’d ask you the same way. Would you like politically connected people to vote parties, to be in charge of running you know the process of creating voting machines, counting ballots and you know would you like that? I don’t know…

Update: Food for thought from Brad Friedman <read>

NH Primary: Pre-Election Polls Wildly Different Than Results Announced for Clinton/Obama
Other Pre-Election Numbers, For Republicans and Rest of Dems, Nearly Dead on the Money…

the pre-election pollster’s numbers (NOTE: that’s not Exit Polls, but Pre-Election Polls!) were dead-on, for the most part, on the Republican side, as well as on the Democratic side. Except in the do-or-die (for Hillary) Clinton v. Obama race. I’m watching MSNBC right now, and they all seem to agree that the results, for the moment, defy explanation.

While I have no evidence at this time — let me repeat, no evidence at this time — of chicanery, what we do know is that chicanery, with this particular voting system, is not particularly difficult. Particularly when one private company — and a less-than-respectable one at that, as I detailed in the previous post — runs the entire process.

I strongly suggest you go over to the original article at Brad Blog and at least read the graphs. The whole post is well worth reading. There are legitimate questions here which need answers, for instance: Why do journalists accept exit polls as explanations for why people voted a certain way but reject counter conclusions of those same exit polls? I will echo Brad that we don’t have enough data to determine answers here, nobody may ever have access to the necessary data such as original paper ballots under a reliable chain of custody. Let me also echo myself, the Carter-Baker Commission, and the Brennan Center for Justice that it only takes a very small number of people to change an electronic election – not a conspiracy. Yet, perhaps it would take a conspiracy to avoid a convincing analysis of the actual data.

Report recommends votes central count optical scan voting <read>

Update: The Free Press discusses the report and we point out implications for Connecticut. Read after the following update.

Update: Microsolve Executive Summary Report <read>

To summarize, if you are concerned about the safety of your medical records or credit card information – the threat to your right to choose your own government is much, much, much more vulnerable and real.

These vulnerabilities demonstrate the capability for attackers who gain access to specific components of the system to influ- ence and tamper with the confidentiality, integrity and availability of the elections process. Generally speaking, the vulnerabilities identified in the study stem largely from the lack of adoption of industry standard best practices that have been developed for the IT industry over the last several years…

MSI did not have access to the source code of the applications nor to any specific “insider information” other than data that was publicly available from the vendor and from the Interet. MSI was provided with access to the systems in an unrestricted manner for the purposes of testing. This access to he systems was used to identify the vulnerabilities of the system. Obviously, attackers would not be given such wide access to the systems in question, thus we take this intoconsideration when we discuss the identified issues. However, it should be noted that access could likely be obtained by determined and/or well-resourced attackers through a variety of means ranging from bribery and breaking-and-entering to social engineering and outright coercion. Histoy has shown that determined attackers often find powerful ways to gain access to their targets.

All three vendor systems reviewed have serious gaps in compliance with even the most basic set of in- formation security guidelines used by systems in industries such as finance, insurance, medical care, manufacturing, logistics and other global commerce. Given the extremely valuable data that these systems process and the fact that our very democracy and nation depend on the security of that data, much work remains to be done by all three vendors. Adoption of best practices and implementation of additional controls to create a defense-in-depth security posture are critical to enhance the security of these systems.

Continue reading “Ohio Report: Eliminate Precinct Count Optical Scan”

In August, the Secretary of the State of California decertified electronic voting equipment from Diebold, ES&S, and Sequoia. Her action was based on the Top-To-Bottom Review, which consisted of four reports on each vendor. Two of those reports, Documentation and Source Code were not released at the time. On October 5th, I highlited the Documentation Review. Today, I highlight the Source Code Review.

A Source Code Review sounds like and is a very techinical topic. However, this report is very educational and easy to read. Read the Executive Summary, read the Introduction, and more. I don’t expect everyone to read it completely, but please start and see  if you agree that it is accessible and articulate. I cannot add to the report, however, I can provide some highlights and encourage you to go farther <the report>

From the executive summary:

Our analysis shows that the technological controls in the Diebold software do not provide sufficient security to guarantee a trustworthy election. The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit. These vulnerabilities include:

• Vulnerability to malicious software…
• Susceptibility to viruses…
• Vulnerability to malicious insiders…

Although we present several unpublished vulnerabilities, many of the weaknesses that we describe were first identified in previous studies…

we conclude tht the safest way to repair the Diebold system is to reengineer it so that it is secure by design.
Continue reading “Diebold Source Code – CA Top-To-Bottom Review”

Debra Bowen has recently released the “Documentation Assessment of the Diebold Voting Systems”. Having served as a software buyer and as a product manager, I can attest that software documentation is almost always an afterthought, usually poor, hard to keep up to date, and expensive to do well. Its also a very boring and mundane topic for the average software developer and untechnical user.

Yet, don’t overlook this report. There are Gems (no pun intended) and very valuable insights available from the report. Below are several excerpts to hopefully entice some to read at least a few pages of the report:

conscientious local election officials attempting to master the Diebold system will find the documentation presents numerous impediments to their managing the voting system correctly, in a manner that achieves high accuracy, security, and other core objectives…

Pursuant to the federal standards, Diebold submitted to CIBER [Independent Testing Authority] a set of voting system security policies…A comparative analysis shows that the security policies Diebold filed with CIBER were considerably more stringent and extensive than those it ultimately documented in Diebold’s product manuals..

Continue reading “Diebold Documentation – CA Top-To-Bottom Review”