From the Open-Publishing Calendar
From the Open-Publishing Newswire
Indybay Feature
The discussion at Black Box Voting on CA voting machine and election procedures . . .
The more you know about the amazingly easily hacked nature of the voting machines, the more scary the whole thing becomes. Read on.
Posted: Wed Oct 08, 2003 2:28 am Post subject: URGENT: We need two audit tasks performed in California
--------------------------------------------------------------------------------
1) According to California law, the results are to be printed out by the voting machine and posted on the polling place when the polls close.
Go to polling places. Observe whether or not the results are posted. Report that here -- name the county and the polling place
2) Write down the number at the polling place. This will be compared with the formal results. Remember that absentee votes will still be added
3) Obtain the poll book numbers -- this is the number of people who signed in to vote.
It is the above comparisons that yields proof that machines miscount, when they do. And if you doubt that they do, download Black Box Voting, Chapter 2 (http://www.blackboxvoting.com)
This is really Bev Harris, using David's ID to sign in because mine doesn't work right now
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:34 am Post subject: Re: URGENT: We need two audit tasks performed in California
--------------------------------------------------------------------------------
Bev as David wrote:
1) According to California law, the results are to be printed out by the voting machine and posted on the polling place when the polls close.
These results should stay there for seven days, I believe. Make sure to get in there and report back -- thanks!
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:49 am Post subject: IMPORTANT --
--------------------------------------------------------------------------------
This posting of the printed report, which should be printed BEFORE modeming in results, is actually quite an important audit and security measure. Bypassing it does not bode well (and may fuel litigation, in combination with other omissions).
In fact, the reason I've been told not to worry my head about the GEMS hack is because that report is posted at the polling place and is run BEFORE results are sent into GEMS. So if it is run afterwards, or if it isn't run at all, and if it is not posted, that means the GEMS results become suspect.
Again, Bev using David's name because my sign-in doesn't work for some reason
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:56 am Post subject: Carried over from post at Democratic Underground
--------------------------------------------------------------------------------
I put the same request there -- hold onto your hats, folks.
READ THIS:
I just walked over to my polling place and, nope, nothing posted outside with vote totals. But, curiously, one of the side doors to the polling area was propped open. Kinda like Watergate, I thought. I went to the main entrence, which was locked and then I went back to the propped open door and wondered for a moment if it would be trespassing or B&E if I went in.
I didn't need to consider that question for very long because some guy came out the front door. He said to me about the door I was holding open, "hey that door shouldn't be unlocked," and asked me what I was looking for. I told him I was looking for the printout of the results. He let me look around the room unsupervised for a second (he stepped out) while I looked. When he came back he pointed to the corner -- said, maybe it's with the machines.
Yep, there in the corner were the Accuvote machines. Unlocked room. 11:30pm. Private citizen wandering around. He left the room again, while I looked through the paperwork that was sitting on top of the machine.
When I was finished, I walked out and told the guy I couldn't find the sheet. He volunteered to find some of the poll workers for me, but I declined.
Oh, and I closed and locked all the doors behind me when I left.
Give me an email address, and I'll let you know where this was.
From a forum member who goes by "AP"
NOTE-- email bev [at] blackboxvoting.com if you wish to report details in more privacy. I need exact location and time of day.
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 3:32 am Post subject: bump to top
--------------------------------------------------------------------------------
This is important
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 12:21 pm Post subject: Election-tampering and California's missing reports
--------------------------------------------------------------------------------
This is important. This is not merely a procedural technicality.
One of the most important safeguards for a certain kind of election tampering is hitting the "print" button to get the results from each machine, before they are consolidated elsewhere. In California, this printout must be posted on the door when the polls close.
So far, I can't find anyone who found this required printout on the door. Let's look at the implications:
1) The electronic ballot boxes, for both touch screens and optical scan machines, are memory cards. A memory card is the size of a credit card. You can palm it into your sleeve or carry around a stack of replacement "ballot boxes" in your pocket. If you do not run the report before taking the original memory card out of the optical scan or touch screen, you can substitute a different one.
2) Each of the major vendors has a central tabulator. With Diebold, it is called GEMS. They all have it. If you tamper with the tally at the central count, it will show up when you compare it with the printout at the polling place (as long as someone does the comparison). If you don't do that printout, it's much more feasible to tamper with GEMS or the central count without getting caught.
3) Now a word about the timing of running the report: If it is run later, it might be run on substitute or unauthorized memory cards (electronic ballot boxes).
4) And a word about waiting until the next day to post that printout: This blows away the whole reason you do it. If you can get the printout after central tabulation is done, what you are doing is taking the printout AFTER all the shenanigans have a chance to take place.
5) What if they ran the printout on time, but just didn't post it until later? In that case, you have to have a chain of custody over the printout. What's to prevent them from running it, and someone else substituting it? A chain of custody, perhaps, but who is monitoring this?
In short, failure to print the report immediately opens up all kinds of windows for election-tampering, by removing one of the key pieces of auditing evidence.
Bev Harris
=====================
David: Can you post this at BlackBoxVoting.com?
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 1:14 pm Post subject: UPDATE:
--------------------------------------------------------------------------------
I've been on the phone with the legal dept. of the California Elections Division.
Now, when doing interviews with election officials for Black Box Voting, they told me the reason we don't need to worry about security flaws in GEMS is that the law in California requires the printout to be made and then posted on the door.
So I went looking for the law. Doesn't exist, it appears.
I couldn't find any such thing in the California statutes, so I called the Elections Division, who says they've never heard of this, and that results are not posted anywhere until after the election.
Okay. So my question is this: All you have to do on any of these machines is hit "print" and it prints the results for that machine at that polling place. Why not post this?
Now, no one professes to know even about this simple procedure. If they do not have such a procedure, it kicks the legs out of one more auditing function.
Bev Harris
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:18 pm Post subject: They are bypassing the safeguards.
--------------------------------------------------------------------------------
UPDATE:
I've been on the phone with the legal dept. of the California Elections Division.
So I went looking for the law. Doesn't exist, it appears. If that's the case, the safeguard does not exist either, and the security of the cards and GEMS becomes critical.
I couldn't find any such thing in the California statutes, so I called the Elections Division, and here is their response:
1) This is not in the statutes, but it is in the required procedures set out by the Secretary of State office. But it isn't exactly what I was told. The optical scans may not print a report (though they are certainly capable of it.) He said they don't tabulate until the ballots are run through, but here's the problem with that: I vote on an optical scan. Part of the voting process is: You put your ballot directly through the machine. So yes, it can tabulate and print a report. It's just that they apparently don't use this important safeguard feature.
2) Next, touch screens. He said the Sequoia touch screens do not have a printer in them. (A printer can be attached to the serial port, but okay, they can't print.) The Diebold machines have an internal printer, and they do print a "summary report" but they do not post it; instead they submit it with the memory card.
I asked him about the chain of custody of the memory cards and their accompanying report. A memory card and a piece of paper are much easier to replace than a ballot box and all its ballots. He said he has no idea about the chain of custody procedures.
3) We then discussed the memos. He said that the state of California has looked into them (they were concerned about the memo that says not to have Wyle look at the Windows CE system. He said that is not as it seems. I asked him why, and he explained that Wyle only tests the hardware. I said, the issue is, was this tested by either Wyle or Ciber (it wasn't) but actually, the CE is on the touch screen, and is considered firmware, and it is indeed Wyle that is supposed to test it. Then I asked him what he thought about the memos that refer to intercepting and transmitting votes by cell phone, in Marin and Tulare counties.
That stopped him in his tracks. "That's not certified," he said. Nope. "They haven't done that," he said. Yup, they have. I told him where to find it in the memos. He got very quiet.
I then asked him who compares the summary report from the touch screens with the GEMS report. He said he has no idea.
Do you get the impression that all these audit controls aren't worth a cup of warm spit?
Bev Harris
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 4:17 pm Post subject: From junkdrawer at DU
--------------------------------------------------------------------------------
What we are seeing here is "therory vs. practice"....
When anyone attends a meeting about the safety and auditability of ANY voting method, they are presented "The Theory". The Theory sounds great and it becomes hard (but not impossible) to imagine ways in which the system could be hacked if The Theory were in place.
In Practice, the absolute minimum that allows for a transmitted result is done. Zero Value and Summary Reports are not run because you can transmit results without them. And proof of this is when a citizen asks for copies of the reports - they're just not there.
The result of all this is that rigging elections becomes child’s play. In fact, GEMS seems to me to be purpose-built to accommodate such a scenario. And here's the hell of it: Without these reports it is impossible to prove that any fraud has occurred.
Why, I seem to remember even our friend TinfoilHatProgrammer (Editor's note: a disruptor who acts very much like a Diebold shill at Democratic Underground) agrees that without the reports, elections are easily hacked. His respose, if I remember correctly, was: "Well, how is that the fault of Diebold? The reports are there. If people don't run them, it's not Diebold's fault."
--------------------------------------------------------------------------------
1) According to California law, the results are to be printed out by the voting machine and posted on the polling place when the polls close.
Go to polling places. Observe whether or not the results are posted. Report that here -- name the county and the polling place
2) Write down the number at the polling place. This will be compared with the formal results. Remember that absentee votes will still be added
3) Obtain the poll book numbers -- this is the number of people who signed in to vote.
It is the above comparisons that yields proof that machines miscount, when they do. And if you doubt that they do, download Black Box Voting, Chapter 2 (http://www.blackboxvoting.com)
This is really Bev Harris, using David's ID to sign in because mine doesn't work right now
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:34 am Post subject: Re: URGENT: We need two audit tasks performed in California
--------------------------------------------------------------------------------
Bev as David wrote:
1) According to California law, the results are to be printed out by the voting machine and posted on the polling place when the polls close.
These results should stay there for seven days, I believe. Make sure to get in there and report back -- thanks!
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:49 am Post subject: IMPORTANT --
--------------------------------------------------------------------------------
This posting of the printed report, which should be printed BEFORE modeming in results, is actually quite an important audit and security measure. Bypassing it does not bode well (and may fuel litigation, in combination with other omissions).
In fact, the reason I've been told not to worry my head about the GEMS hack is because that report is posted at the polling place and is run BEFORE results are sent into GEMS. So if it is run afterwards, or if it isn't run at all, and if it is not posted, that means the GEMS results become suspect.
Again, Bev using David's name because my sign-in doesn't work for some reason
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:56 am Post subject: Carried over from post at Democratic Underground
--------------------------------------------------------------------------------
I put the same request there -- hold onto your hats, folks.
READ THIS:
I just walked over to my polling place and, nope, nothing posted outside with vote totals. But, curiously, one of the side doors to the polling area was propped open. Kinda like Watergate, I thought. I went to the main entrence, which was locked and then I went back to the propped open door and wondered for a moment if it would be trespassing or B&E if I went in.
I didn't need to consider that question for very long because some guy came out the front door. He said to me about the door I was holding open, "hey that door shouldn't be unlocked," and asked me what I was looking for. I told him I was looking for the printout of the results. He let me look around the room unsupervised for a second (he stepped out) while I looked. When he came back he pointed to the corner -- said, maybe it's with the machines.
Yep, there in the corner were the Accuvote machines. Unlocked room. 11:30pm. Private citizen wandering around. He left the room again, while I looked through the paperwork that was sitting on top of the machine.
When I was finished, I walked out and told the guy I couldn't find the sheet. He volunteered to find some of the poll workers for me, but I declined.
Oh, and I closed and locked all the doors behind me when I left.
Give me an email address, and I'll let you know where this was.
From a forum member who goes by "AP"
NOTE-- email bev [at] blackboxvoting.com if you wish to report details in more privacy. I need exact location and time of day.
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 3:32 am Post subject: bump to top
--------------------------------------------------------------------------------
This is important
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 12:21 pm Post subject: Election-tampering and California's missing reports
--------------------------------------------------------------------------------
This is important. This is not merely a procedural technicality.
One of the most important safeguards for a certain kind of election tampering is hitting the "print" button to get the results from each machine, before they are consolidated elsewhere. In California, this printout must be posted on the door when the polls close.
So far, I can't find anyone who found this required printout on the door. Let's look at the implications:
1) The electronic ballot boxes, for both touch screens and optical scan machines, are memory cards. A memory card is the size of a credit card. You can palm it into your sleeve or carry around a stack of replacement "ballot boxes" in your pocket. If you do not run the report before taking the original memory card out of the optical scan or touch screen, you can substitute a different one.
2) Each of the major vendors has a central tabulator. With Diebold, it is called GEMS. They all have it. If you tamper with the tally at the central count, it will show up when you compare it with the printout at the polling place (as long as someone does the comparison). If you don't do that printout, it's much more feasible to tamper with GEMS or the central count without getting caught.
3) Now a word about the timing of running the report: If it is run later, it might be run on substitute or unauthorized memory cards (electronic ballot boxes).
4) And a word about waiting until the next day to post that printout: This blows away the whole reason you do it. If you can get the printout after central tabulation is done, what you are doing is taking the printout AFTER all the shenanigans have a chance to take place.
5) What if they ran the printout on time, but just didn't post it until later? In that case, you have to have a chain of custody over the printout. What's to prevent them from running it, and someone else substituting it? A chain of custody, perhaps, but who is monitoring this?
In short, failure to print the report immediately opens up all kinds of windows for election-tampering, by removing one of the key pieces of auditing evidence.
Bev Harris
=====================
David: Can you post this at BlackBoxVoting.com?
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 1:14 pm Post subject: UPDATE:
--------------------------------------------------------------------------------
I've been on the phone with the legal dept. of the California Elections Division.
Now, when doing interviews with election officials for Black Box Voting, they told me the reason we don't need to worry about security flaws in GEMS is that the law in California requires the printout to be made and then posted on the door.
So I went looking for the law. Doesn't exist, it appears.
I couldn't find any such thing in the California statutes, so I called the Elections Division, who says they've never heard of this, and that results are not posted anywhere until after the election.
Okay. So my question is this: All you have to do on any of these machines is hit "print" and it prints the results for that machine at that polling place. Why not post this?
Now, no one professes to know even about this simple procedure. If they do not have such a procedure, it kicks the legs out of one more auditing function.
Bev Harris
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 2:18 pm Post subject: They are bypassing the safeguards.
--------------------------------------------------------------------------------
UPDATE:
I've been on the phone with the legal dept. of the California Elections Division.
So I went looking for the law. Doesn't exist, it appears. If that's the case, the safeguard does not exist either, and the security of the cards and GEMS becomes critical.
I couldn't find any such thing in the California statutes, so I called the Elections Division, and here is their response:
1) This is not in the statutes, but it is in the required procedures set out by the Secretary of State office. But it isn't exactly what I was told. The optical scans may not print a report (though they are certainly capable of it.) He said they don't tabulate until the ballots are run through, but here's the problem with that: I vote on an optical scan. Part of the voting process is: You put your ballot directly through the machine. So yes, it can tabulate and print a report. It's just that they apparently don't use this important safeguard feature.
2) Next, touch screens. He said the Sequoia touch screens do not have a printer in them. (A printer can be attached to the serial port, but okay, they can't print.) The Diebold machines have an internal printer, and they do print a "summary report" but they do not post it; instead they submit it with the memory card.
I asked him about the chain of custody of the memory cards and their accompanying report. A memory card and a piece of paper are much easier to replace than a ballot box and all its ballots. He said he has no idea about the chain of custody procedures.
3) We then discussed the memos. He said that the state of California has looked into them (they were concerned about the memo that says not to have Wyle look at the Windows CE system. He said that is not as it seems. I asked him why, and he explained that Wyle only tests the hardware. I said, the issue is, was this tested by either Wyle or Ciber (it wasn't) but actually, the CE is on the touch screen, and is considered firmware, and it is indeed Wyle that is supposed to test it. Then I asked him what he thought about the memos that refer to intercepting and transmitting votes by cell phone, in Marin and Tulare counties.
That stopped him in his tracks. "That's not certified," he said. Nope. "They haven't done that," he said. Yup, they have. I told him where to find it in the memos. He got very quiet.
I then asked him who compares the summary report from the touch screens with the GEMS report. He said he has no idea.
Do you get the impression that all these audit controls aren't worth a cup of warm spit?
Bev Harris
Back to top
David
Site Admin
Joined: Oct 05, 2003
Posts: 48
Location: High Point, NC
Posted: Wed Oct 08, 2003 4:17 pm Post subject: From junkdrawer at DU
--------------------------------------------------------------------------------
What we are seeing here is "therory vs. practice"....
When anyone attends a meeting about the safety and auditability of ANY voting method, they are presented "The Theory". The Theory sounds great and it becomes hard (but not impossible) to imagine ways in which the system could be hacked if The Theory were in place.
In Practice, the absolute minimum that allows for a transmitted result is done. Zero Value and Summary Reports are not run because you can transmit results without them. And proof of this is when a citizen asks for copies of the reports - they're just not there.
The result of all this is that rigging elections becomes child’s play. In fact, GEMS seems to me to be purpose-built to accommodate such a scenario. And here's the hell of it: Without these reports it is impossible to prove that any fraud has occurred.
Why, I seem to remember even our friend TinfoilHatProgrammer (Editor's note: a disruptor who acts very much like a Diebold shill at Democratic Underground) agrees that without the reports, elections are easily hacked. His respose, if I remember correctly, was: "Well, how is that the fault of Diebold? The reports are there. If people don't run them, it's not Diebold's fault."
For more information:
http://whitestarwebsitedesign.com/bbvrepor...
Add Your Comments
Latest Comments
Listed below are the latest comments about this post.
These comments are submitted anonymously by website visitors.
TITLE
AUTHOR
DATE
Not sure who that is
Wed, Oct 8, 2003 11:46PM
whoa
Wed, Oct 8, 2003 9:32PM
One more thing - this just in
Wed, Oct 8, 2003 7:48PM
We are 100% volunteer and depend on your participation to sustain our efforts!
Get Involved
If you'd like to help with maintaining or developing the website, contact us.
Publish
Publish your stories and upcoming events on Indybay.
Topics
More
Search Indybay's Archives
Advanced Search
►
▼
IMC Network