Documents: voting system test lab omitted test for tamperability

[Guest guest]

r

Sun, 7 Nov 2004 20:01:42 -0500

Subject:! Documents: voting system test lab omitted test for tamperability

 

 

! Documents: voting system test lab omitted test for tamperability

 

 

Freedom of Information requests at

 

http://www.blackboxvoting.org

 

have unearthed two Ciber certification reports indicating that security

and tamperability was NOT TESTED and that several state elections

directors, a secretary of state, and Dr. Britain

 

Williams signed off on the report anyway, certifying it.

 

The documents, posted at Black Box Voting (.ORG) show that Ciber Labs'

Shawn Southworth used a conformance chart specifying FEC regulations,

marking each test item " pass " or " fail. "

 

Southworth " tested " whether every candidate on the ballot has a name.

But we were shocked to find out that, when asked the most important

question -- about vulnerable entry points --

 

Southworth's report says " not reviewed. "

Ciber " tested " whether the manual gives a description of the voting

system. But when asked to identify methods of attack (which we think the

American voter would consider pretty important), the top-secret report

says " not applicable. "

 

Ciber " tested " whether ballots comply with local regulations, but when

we asked Shawn Southworth what he thinks about Diebold tabulators

accepting large numbers of " minus " votes, he said he didn't mention that

in his report because

 

" the vendors don't like him to put anything negative " in his report.

After all, he said, he is paid by the vendors.

 

Was this just a one-time oversight?

Nope. It appears to be more like a habit.

 

We also posted the sister report, for another vendor entirely, VoteHere,

and you can see that the critical security test, the " penetration

analysis " was again marked " not applicable " and was not done.

 

Maybe another ITA did the penetration analysis?

Apparently not. We discovered an even more bizarre Wyle Laboratories

report. In it, the lab admits the Sequoia voting system has problems,

but says that since they were not corrected earlier, Sequoia could

continue with the same flaws. At one point the Wyle report omits its

testing altogether, hoping the vendor will do the test.

 

Computer Guys: Be your own ITA certifier.

 

Black Box Voting has posted a full Ciber report on GEMS 1.18.15. We also

posted a .zip file download for the GEMS 1.18.15 program. We also

provided a real live Diebold vote database. Compare your findings

against the official testing lab and see if you agree with what Ciber

says.

 

E-mail us your findings.

 

Who the heck is NASED?

 

They are the people who certified this stuff. Now, if the security of

the U.S. electoral system depends on you to certify a voting system, and

you get a report that says security was " not tested " and " not

applicable " -- what would you do?

 

Perhaps we should ask them. Go ahead. Hold them accountable for the

election we just had. (Please, e-mail us their answers) Their names are

listed on the Web site.

( URL ABOVE) Bev Harris