California Hack test stalled as Diebold certification derails

[Guest guest]

M

Wed, 21 Dec 2005 06:11:38 -0600

[GranniesAgainstGeorge] California " Hack " test stalled as

Diebold certification derails

 

 

 

 

Permission to reprint granted, with link to: http://www.blackboxvoting.org

 

 

California " Hack " test stalled as Diebold certification derails

 

 

BREAKING - Dec. 20, 2005: California Secretary of State Bruce McPherson

has laid a subtle and elegant trap. Today, California threw Diebold

Election Systems'

pending certification into a tailspin, using Machiavellian logic

designed to cast doubt

on the federal testing lab process, the upcoming HAVA deadline and

Diebold voting

systems simultaneously (while standing neatly aside to watch the house

of cards

collapse).

 

This move follows on the heels of a devastating hack demonstration by

Harri Hursti

sponsored by Black Box Voting, which took place in Leon County,

Florida on Dec. 13.

This hack manipulated memory cards by exploiting design defects and

Diebold's

customized " AccuBasic " program code.

 

Here's how the California trap works: In a terse letter to Diebold,

State elections

chief Caren Daniels-Meade writes, " Unresolved significant security

concerns

exist with respect to the memory card used to program and configure the

AccuVote-OS [optical scan] and the AccuVote-TSX [touch-screen] components

of this system because this component was not subjected to federal source

code review and evaluation by the Independent Testing Authorities

(ITA) who

examined your system for federal qualification. It is the Secretary of

State's

position that the source code for the AccuBasic code on these cards,

as well

as for the AccuBasic interpreter that interprets this code, should

have been

federally reviewed.

 

" .we are requesting that you submit the source code relating to the

AccuBasic

code on the memory cards and the AccuBasic interpreter to the ITA for

immediate

evaluation. We require this additional review before proceeding with

further

consideration of your application for certification in California. "

 

And herein lies the trap. Federal testing authorities are supposed to

rely on

standards set by the Federal Election Commission. The FEC standards

prohibit

" Interpreted code " - thus, the AccuBasic " interpreter " is illegal.

(The entire

AccuBasic source code tree is written in a home-brewed language that

Diebold

programmers made up themselves, making it more difficult for

certifiers to examine.)

 

The Hursti memory card attack demonstrated in Leon County Florida

manipulated

the voting system by passing code through -- drum roll please -- the

Diebold

interpreter, using a set of programs called AccuBasic which was

written in a

concocted computer language and (now it is revealed) was never examined at

all by federal testing labs.

 

The ITA dilemma: ITAs have the choice of either recommending code that

explicitly

violates FEC standards (placing an unsupportable liability burden on

them) or

admitting that the original certification was defective. If the ITAs

retract their

recommendation, it will effectively strip Diebold of its federal

certification, and

may also affect its older products.

 

The Diebold dilemma: Diebold can refuse to submit its code to the

ITAs, but that

will lose the state of California, continuing a pattern initiated last

week when

two Florida counties dumped their Diebold machines. Alternatively,

Diebold can

submit its code and watch as the federal authorities sever their

product line

from the U.S. market.

 

The position is made more unstable because Diebold is now fending off

stockholder

suits by an armload of attorneys piling on to solicit clients for a

voting machine-related

securities fraud lawsuit.

 

California Secretary of State letters to Diebold Election Systems:

http://www.bbvdocs.org/legal/Dumpty1.pdf

http://www.bbvdocs.org/legal/Dumpty2.pdf

 

Something terribly wrong has happened here.

 

American citizens have been commenting on the unacceptable performance

of the

ITAs since before Black Box Voting was incorporated in 2004.

 

In November 2002, Dan Spillane (a former senior test engineer for

VoteHere) met

with Black Box Voting founder Bev Harris.

 

" It's a house of cards, " he said, showing her stacks of bogus ITA reports.

" The bottom card is the certification process. " Spillane says he

flagged more

than 250 system integrity errors in the touch-screen system he

evaluated, yet

the system passed every level of certification. He was terminated by

VoteHere,

he sued, and the case was settled by VoteHere with details kept

confidential.

 

Here are writings by computer programmer Jim March on this subject: " The

Federal testing process was subverted multiple times by Diebold

staff.we're

going to need to study the Federal certification process, in public. "

http://www.equalccw.com/lewisdeconstructed.pdf (Date 9/23/2003; Jim March)

 

Bev Harris's book, Black Box Voting, took the ITAs, NASED and the

state examiners

to task: http://www.blackboxvoting.org/bbv_chapter-6.pdf (Date 10/10/2003;

Bev Harris). Harris published interviews with state voting machine

examiners

exposing slipshod state certification that relies on the flawed

premise of strong

federal certification: http://www.blackboxvoting.org/bbv_chapter-9.pdf

(Date 10/15/2003)

 

A Riverside (Calif.) computer programmer Jeremiah Akin writes of ITA

failure

during testing of Sequoia voting software: " Failure of certification

process to catch

major security flaws in software:.Riverside has run elections on

software that

was later found to contain major security vulnerabilities that were

not spotted in

the certification process. "

http://www.exit.com/RiversideVoteTest/letters/response_to_mudslinging.pdf

(Date 2/29/2004; Jeremiah Akin)

 

Black Box Voting published ITA reports from Ciber Labs for Diebold

showing that

" penetration tests " (security evaluations) were marked " not

applicable " and " not tested. "

http://www.bbvdocs.org/general/ciber-reports.zip

(Oct. 17, 2004; Black Box Voting, Inc.)

 

Susan Pynchon, an ordinary citizen who now runs the Florida Fair

Elections Coalition,

wrote this analysis demonstrating a breakdown in Florida's state

certification process:

http://www.bbvdocs.org/general/FFECreport.pdf (Date July 11, 2005;

Susan Pynchon)

 

Ordinary citizens led this investigation, gathering momentum and

evidence nationwide,

resulting in the Thompson and Hursti security tests in Florida,

culminating in the

California Secretary of State ordering Diebold and federal testing

labs to go clean up

their room (while neatly diverting attention from state-level

certification failures).

 

And now, a word from one of our forefathers:

 

" There is only one force in the nation that can be depended upon to

keep the

government pure and the governors honest, and that is the people

themselves.

They alone, if well informed, are capable of preventing the corruption

of power,

and of restoring the nation to its rightful course if it should go

astray. They alone

are the safest depository of the ultimate powers of government. "

-- Thomas Jefferson - END

 

--\

-----

 

-Black Box Voting is a nonpartisan, nonprofit 501c(3) elections

watchdog group

supported entirely by citizen donations. To support our work, go to

http://www.blackboxvoting.org/donate.html or mail to

330 SW 43rd St Suite K PMB 547 Renton WA 98055Black Box Voting

 

 

http://BuzzardsRoost.aimoo.com

http://www.GranniesAgainstGeorge.us