I'm filing a Public Records Act Request this AM...

...at the Alameda County Registrar of Voters office. I will also be talking about it at the Board of Supes meeting this AM...1221 Oak St., Oakland Calif if anybody is curious :).

It's not what you'd think. See attached. Oh, wait, that doesn't work - it's an MS-Word file. So let's try this:

http://www.equalccw.com/voteprar.doc

WOW !!

Go get 'em, Jim


And I thought Emperor "DICK" Daley The First of Chikago, ILL had the market cornered on voter fraud, and passed all the secrets on to Emperor "DICK" Daley II.

:D

Ya know Jim's THR trading card is appropriate...Yosemite Sam... two six shooters in hand...relentless ain't he :D

Get 'em Jim
(KATN ;) )

Tear them up Jim :D .

It's funny, I just finished rereading "The Moon is a Harsh Mistress" where Heinlein made the point (LONG before this was even conceivable to the majority of the population) that people assume that the computer is honest. Most people don't question if the programmer is also (or in RAH's case the computer itself ;) ).

This way of throwing the election would be much easier than recruiting drunks or registering dead people :rolleyes: .

Greg

I'm a computer programmer, and if what was described is correct, I'd say it's a very serious problem.

So in the techical paper Diebold says:
The researchers installed and analyzed a prior version of the AccuVote-TS software And then they say:Diebold claims that this code is not in the field Sounds like double talk to me.

I cannot see any way to build a completely electronic system that can't be easily doctored. Considering the fact that there is so much personal data available for purchasing (from places like 1-800-US-SEARCH) a person can use such data to manufacture a complete database containing the desired results, then simply delete the old db and replace it with the new db. I'm sure that creative programmers can find a hundred other ways to mess with the data. If there's no hard copy, there's no way to verify.

There is a way I can see of doing this electronically...serial numbered PROMs (Programmable Read Only Memory.) Banks of PROMS would be registered by the state and handed out to voting sites. All voting machines at one site are connected to the same PROM. As votes are made, the bare minimum information required to verify the vote is programmed into the PROM. The information is now permanent, electronic, and verifiable.

You might be able to perform a similar operation with a CD, but that might turn out to be too tricky because of the way CDs work.

Anyways, good luck.

we have proven that analog hanging chads can be recounted

what if an electronic voting tally is different everytime the sort is run?

a multitude of worms and virii could reprocess the data until it is just properly aligned spew

or crafty social engineers could convince the ladies of the voter league to hand over the data carts and an "improved" load tool could be inserted

2+2=5

First I gave my little three-minute speech at the Board of Supes meeting. From the looks on their faces, I had their attention but didn't get any questions or comments out of them.

So off to the registrar's office. Spoke to a clerk, laid out basically what was up, said I probably needed to talk to somebody "fairly high up the food chain" (said with a grin).

She took the PRAR, time/date stamped it, gave me a copy of the stamped version (proof of filing, quite professional of her to *offer* without my even asking, a good sign), and then took it back to the Regisrar himself (Bradley Clark, seemed a very nice guy and probably is).

He skimmed it, and then came out to talk to me with his chief techie in tow.

He was already familar with the John Hopkins report and the rebuttal to it Diebold had just came out with. Reports on this have made the news out here; the San Jose Mercury covered it in an editorial. I explained that the John Hopkins findings weren't what I was concerned with, and got into some of what Bev Harris found - which has NOT made the media. At least not so far.

I made it clear that I realize we cannot "play with" the actual vote-count PC, as that's a "secure system". And we can't take the Diebold software off-site, as that would be a copyright problem. He seemed surprised that I understood all this right off the bat, he was expecting a fight over one or both.

I explained that what we can do is two-fold:

1) Take any standard PC, either in the office or supplied by the sheriff's high-tech crimes unit, and load MS-Access on it and the actual data from a previous election. Without any Diebold program code around, we can look for the "double data storage" issue, the ability to screw with audit trails and some other Bev Harris allegations.

2) Assuming those pan out, we can then load the Diebold "GEMS" management software on that same "test PC", and make sure dickering with the file in Access isn't readily discoverable in the GEMS software as Harris reports.

By that point, we'll know how bad the situation is.

I was also VERY clear that I don't believe his office engaged in fraud. I was impressed by his behavior and that of his staff. The issue here is the software.

He made it clear that he has to run the PRAR past the County Counsel's office (county lawyers), which is understandable as it's an odd sort of PRAR. In closing, I asked that he consider making sure somebody from the Alameda Sheriff's office high-tech crimes unit be there at the evaluation, so that he can ensure nothing tricky is done by me plus he can take a police report and maintain a chain of custody on evidence if the Harris allegations prove to be both correct and "found live in the field".

So we'll see. Next step, I'm HTMLizing the PRAR so I can easily distribute it to journalists like Dan Gillmore of the SJ Mercury news.

What else...OH ya, Mr. Clark's "techie" asked a good question: "if this is true, how did it clear all the various tests done by the Federal Election Commission?"

It didn't fully hit me how to answer that until the ride home (sigh) but hit me it (finally) did and I'll get it to him at some point:

Basically, Diebold didn't *tell* anybody this thing was based on MS-Access.

Look, the GEMS program runs on a PC that is "kept pristine" - NOT one loaded with MS-Office. And the Diebold distribution doesn't include Access. Apparantly, one of the hackers examining the load of files grabbed in January realized that the data files were in plain ol' Access versus some proprietary data format as you'd expect. Either they realized the extensions (.mdb, .mdw) meant MS-Access, or they looked at the data files in a hex editor and figured it out (Diebold may have changed the extension name, I don't know for sure yet). Once you know that these are Access data files, all security more or less evaporates(!) when you load Access and poke at the files that way versus GEMS.

It's quite possible everybody "official" missed this MS-Access connection. But once an army of general web-geeks got hold of the treasure-trove of files from the FTP site, it was all over :D.

(For non-techies, Mac people or whatever: on a Windows PC, you can click on a data file and the OS will open the correct program to deal with that data file. The OS "knows" because of the three-letter (rarely, four-letter) "code" that comes after the period. MS-Word documents are .DOC, fr'instance.

Holy ****, and I thought Israel was bad,,,,:eek: :eek: :eek:

Jim, is this for mass consumption? I'd like to forward this to a few people.

Lapidator

me too, I have many friends who would love to hear this, they are gods when it comes to access and databses in general.

Jim,

I just sent you an e-mail introducing you to an Arizona http://ernesthancock.com activist and radio host who has been on this e-voting and Diebold for a few years.

Imagine 52% of the votes cast in this nation controled by one company, Diebold, and nobody is allowed to view the prorietary software.

That's one powerful programmer.

I sure would like to see what politicians that company or owners donate to.

One thing that Ernie found when he did the pre-election day walk-through here in Phoenix was that the election computer had a cable running to the vote tabulator. Fair enough. But it also had a cable running to a Modem connected to an outside line. When the elections folks were questioned about it, they claimed it was a "one-way modem." Mmmm hmmmm. Data gets sent out... but I wonder what gets transmitted back?

Computer talk: "1001011010110010101001101010100110101"

Translation: "Bump vote count to our candidate by 1,527 votes..."

Rick

Ya, forward far and wide.

Once I get the initial response back from the county, I'm going to NEED a local Access guru. *Bad*. My Access is rusty and was minimal to start with. I *think* I can follow along from the Bev Harris initial report and duplicate where she got to...in fact one major thing on the to-do list is download a set of the Diebold data and practice screwing around with it. Luckily, I have MS-Access 2000.

I'll have an HTML version of the PRAR up tonight with full links working.

Jim...
WOW !

Sam

Jim, WoW here too! Do you ever sleep?:D


Giant

Sleep?

:)

Anyways. I have an HTML version of the PRAR up, at:

http://www.equalccw.com/voteprar.html

THAT is the URL everybody should pass around now. It contains links to Word and Acrobat versions.

Next step: the media. They're all focused on the John Hopkins study, and ignoring Bev Harris.

Good Work Jim

Check your mail.

We SF geeks have known for at least 30 years that electronic/computer voting would be the easiest kind with which to cheat. When we went to touch-screen here I asked the clerk of elections 1. If she knew how it worked; and 2. If she could tell if there was cheating. She answered NO to both!

Edited for clarity and grammar

The following just went to Dan Gillmore of the SJ Mercury News:

See also http://weblog.siliconvalley.com/column/dangillmor/

----------

Dan,

Today's SJ Mercury editorial misses a HUGE part of the story.

Basically, they're saying "hackers grabbed code, John Hopkins team analyzed it, report produced, oooh, there's theoretical holes".

That ain't the whole story, not by a longshot.

The "hackers/techies/activists" did their own study, led by Bev Harris, who compiled the results. THAT study is a lot more damning than anything the Hopkins team found.

The JH study focuses on potential security threats at the voting terminal. But if somebody wanted to deliberately bugger an election wholesale, that's not where to go - you'd want to monkey with the central vote collection/count computer at the Registrar of Voters office.

That's the side Bev Harris and company studied:

http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm and a follow-up
at:
http://www.scoop.co.nz/mason/stories/HL0307/S00078.htm

Basically, the ONLY way this garbage could have gotten past government certification is if nobody realized the data files were actually MS-Access files. Once you know that, you can close down all of the Diebold software, do literally whatever you want to the data files within Access, and a number of interesting things happen:

1) Most of what happens to the data in Access doesn't even make it into the audit log;

2) Even if it did, the audit log is itself editable and contrary to standard practice for an Access audit trail, audit log entries aren't numbered. So you can delete whatever entries you want and there's no way to tell it's out of sequence.

3) The data structures are internally duplicated, equivelent to "keeping two sets of books" in accounting terms. See also the Harris reports. It's just *freaky*.

That's not even the half of it.

What needs to happen next is, we need to see if this BS was actually installed/working in the counties. And we need to see what sort of Internet connection one of those central systems have, what (if any) firewall software, etc. The nearest customer of Diebold is Alameda, so this morning I filed a Public Records Act Request to set up on-site inspection of the computers, old data files and software right at the Registrar's office. You can see that PRAR here:

http://www.equalccw.com/voteprar.html

More discussion on all this is going on here:

http://www.thehighroad.org/showthread.php?s=&postid=404509

Anyways. The total blackout on the Harris data is frightening...almost as scary as the implications of the report. Either nobody's noticed, or they're all scared and waiting to see if her results really pan out and we've got an attempted friggin' coup on our hands.

Jim
Your THR mailbox is full, my reply sent to your reg email
also:

http://www.nexdisk.com/e_index.asp

http://www.tigerdirect.com/


edit: you posted before I could.
re Mercury News...WOW

Jim, if you need anyone who knows access contact me, I know several experts, I can maybe get someone to help.

Give em' Hell!

Thank God we have people like Jim March in the world. I can't imagine what it would be like without them!

Dan Gillmore turns out to be off-duty for a while.

But I just got off of a recorded phone interview with KGO news radio :D.

Beyond impressive. We ARE lucky to have people like Jim in the world.

the JHU study is making the news in my neck of the woods too:
http://www.gazette.net/200331/montgomerycty/state/170155-1.html

Yup. That's very typical of the reporting so far. Heavy on the John Hopkins, dead nothing on the Bev Harris stuff.

Holy cow Jim! The implications of this are almost too scary to contemplate.

I wonder if any of the major networks would be interested, or the Wall Street Journal.

Spooky stuff.

Watch your back... :scrutiny: :what:

I'm doing more than just watch my back.

Y'all notice what's missing from that PRAR? :scrutiny:

Right. My address. Contact is requested via EMail or fax (the latter is 100% untracable - trust me, that's an EFax gateway number and I've moved twice since then :evil:. And yes, I also forgot to tell my ISP where I live. Whoops. Guess I'll correct that eventually - once there's no more crookedness in government :rolleyes:.

Mama may have strained to eject my big butt, but she didn't forget to give me any smarts.

http://www.equalccw.com/alamedaprarresponse.pdf

Just got it in.

A small amount of this might be on target, but most is utter BS. I'm in the process of looking up the code cites listed and will have a more formal response soon.

I'm going to file a follow-up PRAR that, among other things, will ask for the contracts with Diebold. Let's see what sort of exotic secrecy clauses are really in there.

The good news: we can analyse the Bev Harris allegations just by looking at a set of actual vote data files from the last election. The problems are coded into the database structure, particularly the lack of audit trail item numbers and the "duplicated data structures" pointing to a "double set of books problem" (actually triple set, 'cept we don't know what set #3 does).

Set number three probably compares names who voted this time against names who voted last time against registered voters. This way the PTB who are correlating the votes can figure out how many votes they can punch into the system from each district to ensure "their" candidate wins...

That started out as a silly reply, but after re-reading it I'm not so sure. :uhoh:

0007: hmmmm. Not a bad theory, but there's a problem: IF Bev's theory about how datasets one and two work, and it's pretty solid because she's looking at how the GEMS program uses the data in question (versus just poking around in MS-Access), then dataset one doesn't get changed. So, that would be your un-altered "base set" - there wouldn't appear to be a need for a third one.

(Let's re-cap: if you ask GEMS for the results from a single precinct, you'll get a response derived from dataset one. Ask for a countywide total, it comes out of set two. As long as the total votes are the same (read: yank 500 votes from one candidate, give 'em to another) between the two sets, everything looks fine. This is exactly what you'd do to defeat the normal process in most (all?) counties when election results look funky: spot-check a couple of precincts and analyze them in detail.)

So what's the third for? No idea. Maybe a backup set in case whoever intended to dick with set two screwed up and doctored both ONE and two - three could then be used to stick the right data into one, concealing the tampering. Let's remember that vote-tampering can get you thrown in jail. If they thought there was any chance of such an accident, tally three could be used to save their butts?

Take a look; all comments on this VERY welcome, barring suggested changes this gets filed Monday 8/11 (it's very early Sunday as I write this).

Since the formatting is rather critical to understanding it, here's links to the Acrobat PDF version:

http://www.equalccw.com/alamedafollowup.pdf

...and the same in HTML:

http://www.equalccw.com/alamedafollowup.html

Again: criticism or suggestions for other things to look for welcome.

Note that the request for the purchase orders *should* include the hardware listings, including modems. Not guaranteed though.

If the results of this query show problems, hopefully we can force even more digging. At some point, we need to physically inspect the vote-count system; I'll try and do that on 8/11 when I'm dropping the revised PRAR off at both the county attorney's office and the registrar's office.

My "voteprar" page (http://www.equalccw.com/voteprar.html) has been updated with links to the above, and a link to the county's initial response.

Go to bed Jim!

:)

I am reminded of when people first started pointing out flaws in Windows. MS said they were just "theoretical" until l0pht came up with a program to crack the very weak password hash in NT.

The fact that these vulnerabilities exist should be enough to ditch the system. It can be proven that untraceable tampering is possible so we should assume that it has already happened or that it will happen next time the system is used.

If enough people picketed the polls with signs like "Hack the Vote!" or "Ban Viral Voting" or "Electronic Voting is not hacker proof!"

If we did that, we could probably get enough attention and get people riled up enough that they would have to do something.

We could do like the liberals do - if someone looked at the data, we can say the voting system has already been hacked and get people to mistrust it.

Man, can you just imagine picket lines staffed by a *mixture* of Democratic Underground and Freepers? On the SAME SIDE of the issue?

:eek:

(Yes, I'm going to bed now...but man, is that ever a mental image.)

Ok, not to argue with your assertions, but let me give you a DBA's perspective on this (I'm a MSSQL DBA).

First, I would NEVER use Access for this. MySQL would be a superior solution, and it's generally accepted as being a pathetic lighweight system.

Data that appears to be redundant may actually not be so. Speaking hypothetically, as I don't have the schema in front of me, it is not hard to come up with a reason to store the data this way. One might design the system to provide certain features that would produce data of interest in an election using three tables. One table (the elusive "third" table, perhaps?) might contain straight-up voting records, say in the format of tracking number, county, precinct, and then the actual vote (or votes, assuming multiple races on the ballot). It would not be illogical, from a design standpoint, to then separate the data into the other two tables. It may be that a statistical sample from various counties might be desirable (remember that map that they printed on T-shirts showing the county-by-county results from the 2000 presidential election?), or even the same data broken down by precinct. It would not be hard to store a query to extract this data on-demand, but considering how slow the Access engine is, and the fact that you could be looking at a SERIOUS number of records, it wouldn't be such a bad idea to store this stuff in 3 different tables so that you could access it all without having to execute the query every time.

One of the other things to look at is the fact that Access does actually have referential integrity. So, if there was a field that was common between two tables, it would actually not be possible to change one without changing the other if they were properly tied together, which I would do with this software to help prevent tampering, but they may not have. Whether or not the database was set up that way can be determined easily from the .mdb file.

Basically, what all this boils down to is that it is VERY important to find out just exactly how the data tables were populated. If the data was dumped into one main table and then sifted into two others for more convenient extraction for statistical analysis, then the fraud angle is much less likely, but if it is dumped to the three tables individually... well, then there's your three sets of books, and that would raise a flag. Anyway, it's all speculation without the .mdb file, which, btw, I am VERY interested to see, so let me know if you can get it.

So, what came out of this? Will they stop using these machines?

State-hired study reports that voting machines need fixing

http://www.gazette.net/200340/princegeorgescty/state/180715-1.html



by Steven T. Dennis and Thomas Dennison
Staff Writers
Oct. 2, 2003

ANNAPOLIS -- An analysis of the state's new $55.6 million electronic voting system found 66 flaws that could lead to fraud and errors, but many of the weaknesses -- and how they will be fixed -- remain a closely guarded state secret.

The state hired Science Applications International Corp. (SAIC) to review the new system. SAIC described the security of the voting machines as "at high risk of compromise," and outlined a litany of security holes, from the lack of a security plan to unencrypted vote transmissions to a computer server at the State Board of Elections vulnerable to hacking through the Internet.

Gov. Robert L. Ehrlich Jr. (R) called the report on the Diebold voting system "positive," saying the state would fix the vulnerabilities in time for the March presidential primary.

Municipalities with November elections should not be concerned, administration officials said, because the machines were already used securely in last year's elections in Prince George's, Dorchester, Montgomery and Allegany counties.

Critics questioned the decision to retain the Diebold system, as well as the withholding of more than 100 pages of the report from the public over concerns that the redacted material could provide a road map for election fraud.

Senate Judicial Proceedings Chairman Brian E. Frosh (D-Dist. 16) of Chevy Chase called for public hearings into the report and ripped the Ehrlich administration for keeping so much of it secret.

"There seems to me to be a fundamental contradiction between their statement that they are fixing the security issues and they can't release the report because of security concerns," he said. "Either it is secure or not."

Frosh said the public needs to have confidence in the voting system.

"You don't inspire confidence by saying, 'We know we have a lousy system but we're going to fix it, and by the way, we're not going to tell you all the problems we've found and how we are fixing them,'" said Frosh. "It looks terrible. It looks like you are trying to hide something."

Aviel D. Rubin, a professor at Johns Hopkins University whose analysis in July slamming the Diebold system as riddled with security holes sparked Ehrlich to commission the SAIC study, said the documented flaws support his contention that the system should be scrapped.

"It's almost like the people in Maryland making the decisions didn't read the [SAIC] report," he said. "I'm just shocked. I don't understand why they would commission this study and given the results of the study, then go ahead."

Rubin likened the decision to implement the system despite the risks to parents continuing to use a defective car seat that could kill their children. He said it would be far better to use a well-designed system than to retrofit a litany of security procedures onto what he termed the poorly designed Diebold product.

And he criticized the Ohio-based company's contention that it has already used the voting system in past elections without problems. Rubin said that is like driving a car without a seat belt and saying that it is safe when you have not gotten into an accident.

Diebold and state officials defended the system.

Mark Radke, director of voting industry for Diebold Election Systems, said his company had already fixed the three security weaknesses the study identified with the machines themselves.

The study "verifies the fact that we have a very secure solution," he said.

"We believe we are fully prepared to roll out the [voting] machines for the 2004 presidential primary," said Gilles W. Burger, State Board of Elections chairman.

Burger said the Hopkins study was relevant, but the SAIC report is the "most robust" risk assessment study ever done in the nation for an election organization.

SAIC, which holds a $2.6 million contract to handle security for the computer systems in state offices, conducted the review at no cost to taxpayers.

Burger said Diebold has made changes to the voting machines including better encryption methods and smart card technology. The machines are not connected to a network and so would not be affected by a computer virus or tampering, he said.

Other changes, ranging from an independent security review of Diebold software to hiring a security officer, will be implemented beginning in October and continue through the primary.

Budget Secretary James C. "Chip" DiPaula Jr., who oversaw the investigation by SAIC, said he expects the report and the new security measures, including training for poll workers, to restore public confidence.

"We're confident that this will safeguard the entire election process," DiPaula said.

magine 52% of the votes cast in this nation controled by one company, Diebold, and nobody is allowed to view the prorietary software.

Kind'a sort'a makes me wonder a little bit about Diebold.