John Lott on e-voting

Status
Not open for further replies.
C

Cool Hand Luke 22:36

member
Joined
Oct 19, 2003
Messages
2,290
Location
Arlington, VA
I don't beleive the most widely used systems (Diebold) have any of the security safeguards Lott mentions.

_________________________________________

Hacker hysteria

By John R. Lott Jr.

Does fraud threaten the upcoming presidential election? Everyone seems to think so. California Secretary of State Kevin Shelley recently banned 43,000 electronic voting machines this fall unless paper receipts are provided and a long list of other conditions are fulfilled. With just six months before the presidential election, county registrars were in a state of shock, predicting that a change close to an election meant chaos.
Bill Maher jokes that "some 13-year-old hacker in Finland is going to hand the presidency to (singer) Kylie Minogue." More seriously, Sen. Hillary Clinton warns Democrats how "hacking" easily can "skew our elections" and points out that a Republican is the second-largest manufacturer of electronic voting machines. Senators and congressmen are rushing to introduce legislation requiring that electronic machines have paper-recording devices.


Last month Democrats on the U.S. Commission on Civil Rights claimed electronic voting machines meant "we're ending up in '04 with the very same problems and issues that were there before."
Yet, these horror stories have one major problem: None of the electronic voting machines is hooked up to the Internet. The machines are stand-alone units. It would be like someone trying to hack into your computer while it wasn't hooked up to the Internet. Impossible.
Most electronic voting machines transfer the election results to a compact disk or some other "read only" format. These CDs are then taken to a central location where they are read into a computer. In the 20-plus years that these machines have been used, in many counties all across the country, there has never been a verified case of tampering.
When computer scientists warn of possible tampering with voting machines, they are not talking about hacking but about someone physically breaking open the lock on each individual machine and reprogramming it. Even if those breaking into the machines overcome the tamper-proof seals without being noticed, going through one computer at a time hardly seems like the way to steal most elections.
What about the nightmare scenario that a Republican manufacturer secretly will program the computers to alter the election results? Such a scheme easily would be revealed as precincts check the machines for accuracy with sample votes both before and after the election. In California, machines were even randomly chosen to test during the day just in case their programs miscounted votes only during voting hours. If, say, one out of every 10 votes were switched, it would show up when sample votes are fed into the machines.
A few electronic voting machines, along with even more optical scans, offer election officials the option to collect vote counts using encrypted modems in addition to removable read-only memory. A security expert commissioned by the state of Maryland reportedly "broke into the computer at the state Board of Elections" during a testand"completely" changed the election results.
Yet, the tampering wasn't under real-world conditions, used an old system and really didn't change the results. Hackers have not only to know what telephone number to call, bypass the modem encryption and determine the password within a very narrow time frame, but two sets of calls reportedly from the same precinct would raise a red flag. Even if all those things go wrong, the original data in the voting machines would not be compromised, and it would still be possible to conduct an accurate recount.
Interestingly, no politicians so far have raised these same concerns about optical scans even though this threat involves hacking a central computer, not electronic voting machines.
So what about the claim that electronic voting machines make recounts impossible because they lack paper records? Each electronic voting machine contains multiple redundant "readonly"memories. These unalterable memories are just as available to be rechecked as paper records.
Paper ballots add nothing, except generating unnecessary costs. The redundant "read only" memories also protect against computer crashes or corrupted data. Lever machines also have never used paper receipts.
It is remarkable that paper records with their history are now held up as the gold standard. Take just one exampleofhowpaper records could be misleading. Suppose that voters are given a chance to double check their electronic ballots and signal whether they are correct. If incorrect, the machine prints out a statement voiding the original receipt, and voters are allowed to vote again. If the programming fraud is rampant, as critics claim, a machine could simply void the paper record after the voter has left and then print out a new receipt.
The irony is that Democrats who complained the loudest about how punch-card machines and hanging chads in Florida disenfranchised voters are now complaining the loudest about what they earlier insisted was the "cure." Conspiracy theories may rally the political faithful, but at the risk of poisoning the political debate for years to come.

http://www.washtimes.com/op-ed/20040510-094329-3822r.htm

John R. Lott Jr., a resident scholar at the American Enterprise Institute, served as the statistical expert for the minority report produced by the U.S. Commission on Civil Rights on the Florida 2000 election.
 
While I admire Professor Lott, in this case he doesn't know his bee-hind from a hole in the ground.

Does he imagine that these "read-only" memories are used once and then thrown away? I wonder how theyget reset? Maybe through software? Hackable software?

Lott should stick to guns, laws and statistics, about which he knows a lot, and avoid pontificating about computers and their security vulnerabilities, about which he seems to know precious little.
 
Agricola, if brevity is the soul of wit, you must be Groucho Marx. Still, I don't know what "Mary Rosh" has to do with this subject.
 
Yes, Agricola, we know who Mary Rosh is. Thank you for your input. :rolleyes:

I would like to hear from Jim March. Jim, please explain why John Lott is not correct.
 
Mary,Mary (rolls eyes)

So John Lott did the old strawman trick? big deal.
I used to post on an anti gun forum as "Leni Reifensthal"
And gush about how I taught Mike Moore everuthing he knows.
"Leni Reifensthal" Triumph of the Will-Hitlers favorite film
It was discovered that TONS Of authors,many repectable Journalist,Professors etc were fluffing up their reviews on Amazon.com.
In fact we can go there and leave reviews on anti books (if we want).
It's no big deal
 
Does he imagine that these "read-only" memories are used once and then thrown away? I wonder how theyget reset? Maybe through software? Hackable software?
Click to expand...

CD-ROMs are considered read-only. They can be written to once and never again. Another example of similar technology is called a worm drive. Data would have to be altered BEFORE writing to disk or extra data would need to be created out of thin air to be written in addition to the real votes.

The way to do this is to make the code as painfully simple as possible. When the "Vote" button is pressed, the software writes a 1 or 0 for each voting space on the board (an unused position is still a 0) directly to the read-only drive. The code for this might be 20 lines. A software review would easily verify that this is what it does. Code would be loaded from read-only drives on bootup. When finished, the number of voters would be verified by the judge of elections and compared to what is on the drive. Once verified, a checksum for the file would be created and allow an easy way to see if the file is altered at the central counting station.
 
The crybabbies are gearing up like opera singers before a performance.

When they loose in the fall and Bush gets another term the election will have been stollen.

MMMEEEEE MEE ME MEMEMEME.

Hillary Clintoon as lead soprano.

The song: The election was stollen by the republicans, they manufactured the voting machines
All the republican votes are fake, lets not count half the votes the republican ones cause they dont count they are all fake.

Kerry really won by a landslide you know.

Its all an evil repub plot to use the election machines to DISENFRANCHISE MINORITY VOTERS.

Its sad and its tastless and I've heard it before.:barf:
 
I am sure Jim will be along soon, let me provide you with a link from him to digest prior to his arrival:

http://www.equalccw.com/voteprar.html

gunsmith, Lott's issues go deeper than impersonating a female and fluffing up his own Amazon reviews; follow the links off that page and you find much to be suspicious of with regards to his works. It really is better to put your statistical faith in someone like Gary Kleck, you know.
 
Master Blaster

Kerry really won by a landslide you know.

Its all an evil repub plot to use the election machines to DISENFRANCHISE MINORITY VOTERS.

Its sad and its tastless and I've heard it before
Click to expand...

That's one really big drawback to e-voting, which eventually will be pushed on Americans everywhere, i.e., the fact that the technology is well beyond most people's understanding and therefore it's easy to descredit the results.
 
Mikul:

The code for this might be 20 lines. A software review would easily verify that this is what it does. Code would be loaded from read-only drives on bootup
Click to expand...

I believe that there are also secure operating systems where executables are kept in encrypted form until needed, with all the requisite internal authentication protocols between memory and processor to ensure no tampering.

There's no lackof the appropriate technology, that's for sure. And no excuse for the crappy level of security that folks like March have exposed so well in the Diebold system.
 
Matt Payne:

While I admire Professor Lott, in this case he doesn't know his bee-hind from a hole in the ground
Click to expand...

Lott is (badly) describing an idealized system which bears no resemblence to the crap systems currently in use. He definitely fails to make a case for e-voting.
 
agricola

Yes Gary Kleck is a great asset.Please don't speak ill of Lott though...
Why??
Well just because ...ok?;)

BTW I apoligize if the tone of my earlier post was offensive,I hadn't gotten my fix of caffiene.
 
I sent this to Dr. Lott's private EMail at [email protected] on 4/30/04 at 1:59pm.

His EMail addy was published at: http://johnrlott.tripod.com/

-------------------------------------------

Dr. Lott,

You may remember me. I'm the gun rights activist out in California who has been tracking racism and misconduct in concealed weapons permits; I have an autographed copy of "More Guns, Less Crime" and I am otherwise a huge fan of yours.

Which is why I was saddened by the factual errors in "Voting machine conspiracy theories" at:

http://www.signonsandiego.com/uniontrib/20040430/news_lz1e30lott.html

...and I assume elsewhere.

The errors on your part aren't minor issues. I'm going to quote your text and reply in detail.

>> Electronic voting machines were billed as the wave of the future just months ago. But now, by today, California's Secretary of State Kevin Shelley will have to decide whether to ban them. Even if he doesn't, the Legislature is threatening to do so. Supposedly, electronic machines - being installed across the country - will allow all sorts of fraud. <<

Shelley's staff documented their concerns here:

http://www.ss.ca.gov/elections/touchscreen.htm

Pay particular attention to the "Diebold Investigation staff report" covering this company's ethical and legal failures. Suggesting that this company isn't playing by the rules AT ALL can no longer be described as a "wild-eyed
proposition".

>> This month Democrats on the U.S. Commission on Civil Rights joined the chorus against electronic voting machines claiming: "We're ending up in '04 with the very same problems and issues that were there before."

Senators Hillary Clinton and Bob Graham, as well as Congressmen Rush Holt and Tom Davis recently introduced legislation to help prevent any fraud by requiring that electronic machines have paper-recording devices. Florida Congressman Robert Wexler has even brought a lawsuit because he worries that the Bush brothers will steal the election again, this time using electronic machines. <<

Hillary's legislation is a mess. No surprise there.

>> State and federal governments are spending billions of dollars to replace punch card machines with electronic machines. Yet, instead of improving the election process, the claims of fraud may poison the political debate for years to come. <<

We now know that the push towards electronic voting via HAVA was heavily
influenced by lobbying dollars from ES&S and other electronic voting systems vendors, who wrote much of the language.

ES&S provided the equipment that Nebraska politician Chuck Hagel has had his elections counted on...while for much of his career in politics he was a part owner of that same company.

Similar grotesque ethical errors can be found throughout the voting systems industry on both sides of the political spectrum but sadly, moreso on the GOP side.

I say that as a registered member of the GOP.

>> Bill Maher's jokes may be funny: "Some 13-year-old hacker in Finland is going to hand the presidency to (singer) Kylie Minogue!" And, more seriously, Sen. Clinton warns Democrats how "hacking" can easily "skew our elections" and points out that a Republican is the second largest manufacturer of electronic voting machines. <<

This is mostly a straw man argument. "Outside hacking" isn't the biggest concern; manipulations by the voting systems vendors is the biggest, followed by crooked elections officials, which we've seen our fair share of in Chicago, New Jersey, etc.

(Several jurisdictions have laws on the books regarding vote-counters having closely manicured fingernails. This is to prevent "Chicago pencils" where a piece of pencil lead is jammed under a fingernail and used to alter ballots, or the trick where a corner of a nail is cut to produce a makeshift "chad punch tool". Connecticut is one state with a statewide law to such effect. Ask yourself WHY they'd pass a law like that...)

>> While scary, the stories have one major problem: none of the systems is hooked up to the Internet. The electronic voting machines are stand-alone units. It would be like someone trying to hack into your computer while it wasn't hooked up to the Internet. Impossible. <<

Unlikely, yes...impossible?

Just before the November 2002 elections, Diebold tech Robert Chen was onsite in Alameda County configuring the central vote tally box. He wrote an EMail requesting tech support help from Diebold's elections HQ in Vancouver BC:

---------------
----- Original Message -----
From: "Robert Chen" <[email protected]>
To: <[email protected]> Sent: Monday, October 28, 2002 1:30 PM
Subject: AVTS modem upload BS 4.3.11

Hi,

Found something interesting here in Alameda County, and want to see if anyone has found this in the field. Especially those of you who are doing AVTS (we don't do AVOS) modem upload from the precincts.

Running: BS 4.3.11 GEMS 1.18.14 NT 4.0 6a

I am dialing the central computer's bank of modems (connected via Digi PCI X/em) and connecting to NT's Remote Access Server. I have assigned a ip pool (166.107.248.210 to 220) and the AVTS with PCMCIA card modems dial in okay, and make a connection with the RAS server. I can see the assigned ip address to the incoming AVTS unit. However, when I try uploading, it gives and error: "no connection to host". Yes, I have confirmed the HOST name and tried the IP address.

I tried pinging the AVTS unit and only get timeouts. I then tried simulating the connection with my laptop and was able to successfully upload. I was also able to ping my laptop from the server and vice versa.

At this point, I do not think, despite the port information displayed by RAS
Server, that the AVTS was taking the ip address.

I am sure I am probably doing something wrong and would appreciate some enlightenment.

rob chen
---------------

Allow me to translate: he's describing the configuration whereby the central vote tally system (high end Windows NT file server running "GEMS", Global Elections Management Software" was going to recieve incoming modem calls from touchscreen terminals running "Ballotstation", or "BS" on elections night, for early vote reporting. "AVTS" means touchscreen precinct terminals, "AVOS" means optical scan at the precincts.

These incoming connections happen via Internet protocols, although not "over the Internet".

As part of this process, "IP addresses" are assigned at the central GEMS machine to the incoming calls. It is critical that no two IP addresses conflict with each other, so a precise "naming convention" is in place, with specific "blocks" of addresses assigned to various companies.

Now do the following:

Open up a DOS shell window ("command line") on your own Internet connected PC. Yes, now. Enter the following command:

PING www.acgov.org

You'll get the Internet Protocol address for the Alameda County government web server: 166.107.72.47

See how the first two digits are the same as the GEMS box was configured?

You know what that means?

It means the GEMS box was set up to be intercompatible with the Alameda County network - which is on the Internet.

Oooops.

>> After the election, most electronic voting machines transfer the election
results to a compact disk or some other "read only" format. These CDs are then taken to a central location where they are read into a computer. <<

Problem: one, all three of the biggest and most suspect vendors (Diebold, ES&S and Sequoia) do NOT use read-only CDs. They use PCMCIA read/write memory cards.

Security problems with the data on these memory cards has been noted before. One of the Diebold internal memos that has been leaked discussed that very issue, in a report of a conversation with a California SecState staffer name of Lou Dieder:

-------------------
To: [email protected]
Subject: California Certification
From: Deborah Seiler <[email protected]>
Date: Tue, 27 Nov 2001 14:39:28 -0800

Certification of the R6 [ed: touchscreen voting system also known as the TS] received a unanimous recommendation from the California Secretary of State's 7 member Voting Systems Panel today. Legally, only the Secretary of State can certify it, but his certification is typically a pro forma ratification of the VSP's recommendation. I expect to have the signed certificate within a few days.

Lou Dedier, the Elections Division analyst responsible for voting system certification, told the panel our system had functioned without a hitch. (Little did he know I was sitting there with a machine with a frozen throat!) He noted the high quality components, saying we had "spared no expense" to develop a quality product. He also described to the Panel his inability--in contrast to some other systems--to break into it from the screen. He later told me he used his Palm pilot to break into another system, illustrating the dangers of wireless upload. He also told me privately that he attempted to program the PCMCIA card but failed. His PC told him he had a one in 40 billion chance of success. He told me this in contrast to SureVote's system which he said he broke into in "a minute and a half" and ESS's which he hacked in "an hour."

Lou did say that Avante passed Wyle on 11/24. Hart and Avante will probably be on the VSP agenda in January, though Lou said he had 150 questions for Hart to respond to.

Anyway, a big thanks to Larry, Ian, Susan, Steve, and anyone else involved. Now, any suggestions for fixing the card reader? Something is blocking the throat so the card can't be inserted even partially.
-------------------

According to a Public Records Act inquiry, Lou never reported this ES&S security issue to his government bosses. Instead, he took a job as VP of sales with ES&S less than a year later, after writing several glowing reports of ES&S security and functionality. It's not surprising he'd tell tales out of school to Diebold sales manager Deborah Seiler as she too was a former SecState staffer and co-worker of Lou's. Sequoia has also hired a former Calif SecState staffer to lobby that SecState's office: Alfie Charles.

And Lou was wrong about Diebold's PCMCIA security. Even if he was correct, *Diebold* would know how to crack it...

>> In the 20-plus years that these machines have been used, in many counties all across the country, there has never been a verified case of tampering. <<

Not true.

On elections night in 2000 in Volusia County FL running Diebold's optical scan system, somebody uploaded a duplicate PCMCIA memory card that had been hacked to report 16,000 *negative* votes for Gore and 4,000 positive votes for Bush, in a precinct of 950 or so voters. This ham-fisted idiocy was discovered on elections night, but only due to the ineptness of the hack.

All that means is, it probably wasn't Diebold that did it. They'd have done it
right.

Still, while the hack was detected, the hacker wasn't and is still at large.

This was reported in local media and then dissected in depth in Diebold Election System's EMails, which were leaked in the summer of '03 and included the full archive back to '99 (when the division was Global Elections Systems).

>> When computer scientists warn of possible tampering with voting machines, they are not talking about hacking but about someone physically breaking open the lock on each individual machine and reprogramming it. Even if those breaking into the machines overcome the tamper-proof seals without being noticed, <<

Would you like the phone number of a San Diego pollworker who was not only given a pile of Diebold touchscreens to store in her home prior to the election, but also extra little blue plastic tamper seals to go with them?

>> going through one computer at a time hardly seems like the way to steal most elections. <<

Here we agree. Keep reading.

>> What about the nightmare scenario that a Republican manufacturer will secretly program the computers in advance to alter the election? Suppose that such a tampering scheme were to occur. Such tampering would easily be revealed as the precinct election workers check the machines for accuracy with sample votes both before and after the election. <<

Like hell.

The level of automated test-voting is known ahead of time. Set it up so the
hack doesn't happen until after that.

>> Some machines are even randomly chosen to test during the day just in case their programs were set to only miscount votes during voting hours. If the programming switches, say, one out of every 10 votes, it would show up when sample votes are fed into the machines. <<

Same issue...Professor, there's a *reason* it's all computer geeks that are
concerned about this stuff!

>> A few electronic voting machines, along with even more optical scans, offer election officials the option to collect vote counts using encrypted modems in addition to removable read-only memory. Michael Wertheimer, a security expert commissioned by the state of Maryland to evaluate electronic voting security, reportedly "broke into the computer at the state Board of Elections" during a test and "completely" changed the election results. <<

He sure did. You're referring to the RABA report, in which the state of
Maryland commissioned the only "red team assault" (planned hack of an operating Diebold system). The Diebold gear failed miserably.

>> Yet, the tampering wasn't under real-world conditions, used an old system and really didn't change the results. <<

I know the source of those particular lies: Diebold. The "old system" thing in particular is documentable fraud.

>> Not only does a hacker have to know what telephone number to call, bypass the modem encryption and determine the password within a very narrow time frame, but two sets of calls reportedly from the same precinct would raise a red flag. Even if all those things go wrong, the original data in the voting machines would not be compromised, and it would still be possible to conduct an accurate recount. <<

Professor, I watched the returns processing at the San Joaquin County elections HQ on the night of the primary a month ago. I saw the Diebold employee on site. Hell, we filmed his ass handling PCMCIA memory cards as they came in from the field, inserting them into voting terminals that in turn uploaded them to the GEMS server over a dedicated Ethernet line. The room he was doing this in was mostly closed from public view. He could have stuck another memory card in there at any time.

Once he was noticed, county officials told him to cover up his corporate-logo
polo shirt with a jacket.

I suggest you speak with San Luis Obispo (CA) county registrar of voters Julie Rodewald. IF she'll talk to you after the last media storm last summer, she'll admit that a complete central vote tabulation of the absentee ballots (about 1/3rd of the total) was compiled early on the day of the Spring '02 elections (3:31pm) and shipped up to a Diebold website by 5:30pm.

http://www.cbsnews.com/stories/2003/09/11/tech/main572704.shtml

http://www.sanluisobispo.com/mld/sanluisobispotribune/6695542.htm

In addition to a multitude of other problems (such as this early compile and report was illegal as hell), this incident proved once and for all the level of direct physical access to county gear the Diebold employees have.

>> Interestingly, no politicians so far have raised these same concerns about optical scans even though this threat involves hacking a central computer, not electronic voting machines. <<

Well us "geeks" have been screaming bloody murder. Esp. where Diebold is concerned, where the same "GEMS" vote tabulation system is used for touchscreen and optical scan.

But hey, don't take my word for it. Download GEMS yourself and follow the "hack your own vote" instructions so you can see just how easy it is:

http://www.equalccw.com/dieboldtestnotes.html

You might Diebold's cease'n'desist notice for the above (and my response under the DMCA) entertaining:

http://www.equalccw.com/liebold.html

>> Paper ballots add nothing, except generating unnecessary costs. Possible computer crashes or corrupted data are taken care of by multiple redundant memory systems, some of which cannot be altered but are "read only." These memories are constantly checked for any differences. <<

Ah. Really? There's a lawyer in Riverside County who will be eager to hear that. You see, he filed a challenge suit in a close race on behalf of a "losing" candidate, and in the resulting "recount" got the final tabulated results from the easy-to-hack central database at elections HQ (Sequoia gear, but the issues are the same as GEMS). He then asked for the data in the redundant memory supposedly contained in each terminal.

They won't give it to him.

The exact same thing happened last fall in Shelby County TN in two races. Repeated demands for the in-terminal "redundant data", or at least the elections-night printouts from those terminals, were stonewalled and lied about in court. I was there. (In that case, the Diebold terminals at least produced paper printouts of the day's events before the data flows downstream into GEMS and hackability city. There are however documented instances of these paper printouts not agreeing with what the screen says:
http://www.equalccw.com/sscomments6.pdf - testimony of Ariel Ky. Sequoia terminals don't even have that but they DO supposedly have internal memory. So why is the registrar in Riverside fighting access?

It gets worse.

New for 2004, Diebold released new machines to provide the "smart cards" for each voter. These "smartcards" are programmed with a "Precinct Control Module" (PCM) which is a small computer created by Diebold which burns the thin, flexible 128k memory cards that IDs the voter and their ballot info by party and geography. This "PCM" was never submitted for "Certification" at the Federal test labs, being described as a "perpheral".

First problem: it was buggy as hell and hosed a lot of the voting.

Worse, it was modified right before the election.

And disasterously, according to the vendor of the "smartcards" and reader gear (Spyrus' "Rosetta" product line), the cards can contain "programs and data files".

So each voter inserted 128k worth of God only know what, right before they voted on elections day. 128k is WAY more than you need for the legitimate functions involved. It's big enough to contain a "nefarious payload" of any sort, including vote tampering...because nobody outside of Diebold knows what the PCM is doing.

See also the declaration of James Dunn:

http://www.equalccw.com/dunndeclaration.pdf

>> The irony is that the politicians who complained the loudest about how punch card machines and hanging chads in Florida disenfranched voters are now complaining the loudest about what they earlier insisted was the "cure." Conspiracy theories may rally the political faithful but at the risk of even greater hostility and mistrust among voters. <<

Professor, here are the conclusions of the SecState staff report on Diebold's
honesty and sanity:

----------------
In sum, Diebold:

1. marketed and sold the TSx system before it was fully functional, and before it was federally qualified;

2. misrepresented the status of the TSx system in federal testing in order to obtain state certification;

(continued due to length...)
 
(continued)

3. failed to obtain federal qualification of the TSx system despite assurances that it would;

4. failed even to pursue testing of the firmware installed on its TSx machines in California until only weeks before the election, choosing instead to pursue testing of newer firmware that was even further behind in the ITA testing process and that, in some cases, required the use of other software that also was not approved in California;

5. installed uncertified software on election machines in 17 counties;

6. sought last-minute certification of allegedly essential hardware, software
and firmware that had not completed federal testing; and

7. in doing so, jeopardized the conduct of the March Primary.

Source: http://www.ss.ca.gov/elections/touchscreen.htm - "Diebold Investigation staff report"
----------------

Calling myself, Bev Harris, Professor Rebecca Mercuri, Dr. David Dill, Professor Doug Jones and others "conspiracy theorists" doesn't address the underlying disaster here, and I am deeply disappointed in your column.

Professor Lott, you did important scholarship on the CCW issue in '97 with Prof. Mustard. That, you researched. If state governments always acted sanely, the CCW laws in California, New York and elsewhere would have been reformed shortly afterwards. You of all people know how screwed up things can get in the public sector.

Re-think your position here. You're being used as a stooge of some very corrupt and unethical people. You're better than that.

Pay attention to us geeks on this one, sir.

I will await your reply before making this document public.

Jim March
 
I really think Lott IS out of his depth on this one. For one thing, the threat isn't from off premises hackers. Just as banks have the most to fear from embezzlement by employees, not robbery by outsiders, the real threat in ballot fraud is from elections officials. Who don't need phone lines, as they've got unrestricted access to the machines, before, during, and after the election. And who, in many precincts which are dominated by one party or the other, don't have to worry about the presence of members of the opposition party.

He is right, though, that printing recipts doesn't accomplish diddly, for reasons to numerous to list. It's more a PR measure than anything.

Mind you, an electronic voting system which was darned near immune to ballot fraud could be designed. But optical scan gets you most of the way there, at far less cost. And if we REALLY wanted honest elections, we'd do away with absentee ballots. They're the ballot box stuffer's best friend.

The systems that are actually getting bought are so bad, compared to what's possible, that I've long since concluded that vulnerability to fraud isn't a bug it's a feature. :cuss:
 
OK, so why am I making this public now?

Because his latest "expansion" (http://johnrlott.tripod.com/op-eds/WTHackerHysteria.html) of the work I quoted above contains an unchanged paragraph:

Most electronic voting machines transfer the election results to a compact disk or some other "read only" format. These CDs are then taken to a central location where they are read into a computer. In the 20-plus years that these machines have been used, in many counties all across the country, there has never been a verified case of tampering.
Click to expand...

As I notified Dr. Lott back on 4/30/04, both statements in this one paragraph are lies. Diebold, ES&S and Sequoia all use PCMCIA read/write memory cards with very limited encryption if any, and attacks to those read/write devices have been documented.

Having been told this on 4/30 after his article in the San Diego paper, he repeats the same mis-information on 5/11 in the Washington Times.

Dammit.

This is what he sent me in response to the 4/30 message:

-------------
From: "John Lott" <[email protected]>
To: <[email protected]>
Sent: Friday, April 30, 2004 5:52 PM

Dear Jim:

I appreciate your comments, and I appreciate your interest in my work on guns. I don't have time to respond in depth, but I will assure you that I am not a "stooge" for anyone, nordid anyone ask me to write this piece. I have done a lot of work on voting machines, having been for example the statistical expert for the minority report from the USCCR on the 2000 election and having been the statistical expert for the state of Ohio in evaluating the different voting machines. I also worked with USA Today as one of their statistical experts. I do appreciate your information and I will look at it, though I should tell you that I have talked to computer programming experts as well as those who designed these machines (as well as their competitors). Attached is also a paper that I have done that is very critical of electronic voting machines with respect to another issue. Again, no one asked me to write this.

Regards,

John
-------------

My response:

-------------
Dr. Lott,

I appreciate your response, and am pleased to hear you're speaking
independently.

At a minimum, please look over the declaration of James Dunn:

http://www.equalccw.com/dnndeclaration.pdf

The growing body of evidence suggests that Diebold in particular withheld custom and customized code from scrutiny by the Federal oversight process - the "Independent Testing Authorities" (ITAs) approved by the FEC to review the code and hired by Diebold. What Dunn saw was part and parcel of that problem.

You wouldn't approve of a private company taking paper ballots into a closed room with zero supervision and doing whatever they wanted to them for as long as they wanted. When unmonitored code is used without a paper trail, the end result is identical to that paper scenario and we can only "trust the vendors"...nearly all of which have very funky if not improper political connections.

I've written two other open letters to the California SecState staff on this
subject that you'll find interesting:

http://www.equalccw.com/sscomment.pdf - covers the gross insecurities in GEMS and Diebold's efforts to cover up same, plus excerpts from an internal employee policy manual best described as "hilarous".

http://www.equalccw.com/sscoments2.pdf - covers how thousands of lines of custom code in the touchscreens was hidden from public view at the orders of Diebold Election System's head "techie" (Talbot Iredale).

I beg you - look this material over along with my original message to you. Of all the links I gave you, http://www.equalccw.com/dieboldtestnotes.html is by far the longest and most time-consuming and if you skim everything else, you'll get the idea without going into it in detail if you don't want to. This link allows you to download actual GEMS program code and steps you through doing your own analysis.

Jim March
-------------

The next thing I recieved from him:

-------------
I was familiar with the low battery problems and I know about the charges regarding the new software. I have also talked to people involved in this issue. We can debate the evidence on whether people were properly informed about the software changes, but there were lots of safe guards with respect to any software code changing how votes would be recorded. To my knowledge no one is arguing that the votes in this election weren't properly recorded.

Regards,

John
-------------

My reply:

-------------
There are however questions on vote tampering in other jurisictions. Georgia, for starters.

In Shelby County TN last fall, one of the candidates for Memphis mayor had his staff do exit polling. One of the precincts involved had 44 people claim to have voted for candidate John Willingham for mayor in a time span under two hours.

Official results put his take in that precinct at 12.

When he tried to obtain post-election data, he was given access to the final
numbers printed out from GEMS, but was denied access to data from the terminals.

This is real, John. It's not theory.

Jim
-------------

The last thing I recieved from him:

-------------
I don't think anyone serious takes the claims about Georgia seriously. The one case that proponents of fraud point to is in northern Virginia and after looking at it, it is hard to take that case seriously also. I haven't looked into the Memphis case.

John
-------------

All of this exchange was within two days of the 4/30/04 message from me to him.

Clearly, I do NOT like taking this situation public.

But.

He clearly didn't look at the "Dieboldtestnotes" file or the various "SSComments" series documents as he suggested he would.

Instead, on 5/11/04 he repeats easily disprovable statements regarding the "CD media" (really read/write memory cards on ALL THREE of the top three best-selling systems) and similar.

Sorry. I have to blow the whistle on that.
 
CHL: it turns out that whole exchange happened later in the day throughout 4/30/04. My last message to him went out just before midnight.

I consider his latest article of 5/11/04 a "response" of sorts.

A very bad one.
 
Well, he's not earning his living in academia anymore, he's an "expert" and pundit for hire. He may have "tweaked" his scruples accordingly. Wouldn't be the last academic to do that.:(

I'm at somewhat of a loss what special expertese a statistician brings to evaluating the security of a voting system, anyway. The fact that he can do math, and uses a computer?
 
Brett,

It's not the first time he's changed his viewpoints. If you read his book, he was initially ANTI-gun.

His study convinced him to change sides...
 
He has the typical academic's disdain for non-academic research.

So he blew me off.

That, he's going to regret. Because I *will* prove him wrong soon enough.

I can't tell y'all everything that's going on. More news coming. BIG news.
 
jim,

dunno if you remember Tim Lambert's visits here, but he has a long history of Lott making such claims that subsequently are found to be false (on the website below).

keep at it though, and good luck.

to the rest of you, incidents like this should be registering with you - those of you that are inclined to use statistical evidence to support gun rights should start thinking about whether Lott should feature so prominently, as opposed to say, Kleck.
 
Oh God.

See, this is why I just *hated* having to go here...

Because Tim Lambert was dead wrong on the gun issue.

Agricola, the reason there's this huge difference of opinion is that the anti-gunners count "self defense" by either dead bodies of home invaders (Kellerman) or criminal records of assailants *caught*.

That's just not how it works. Most self defense with a gun (or as I can personally attest, knife) is a "chase-off". Grabbers like Lambert don't think chase-offs happen.

There's yet another class of self defense cases grabbers vehemently deny: the "look effect" I guess you'd call it. It's when a goblin makes his approach to a victim, except that the victim spots it and shows ZERO FEAR. Because he's either got a gun on him, or knows what he's doing with good-sized cutlery. And seeing the LACK of fear, the goblin changes course...without ever seeing a weapon.

ONLY THE GOBLIN really knows for certain what the hell just happened. The would-have-been victim has some clue, but even he/she isn't certain and there isn't enough data to do a police report even if the intended victim was so inclined.

These things happen. They're reality, a reality Lambert and Sarah Brady and all their ilk deliberately ignore.

And a reality that did show up in Professor Mustard and Lott's stats.
 
Status
Not open for further replies.

Similar threads

W
  • Locked
Jim March--Call your office, please.
Replies
4
Views
616
Jim March
J
D
  • Locked
Machine Error Gives Bush Extra Ohio Votes
Replies
10
Views
825
redhead
R
D
  • Locked
Officials Wary of Electronic Voting Machines
Replies
2
Views
266
tellner
T
D
  • Locked
A Single Person Could Swing an Election
Replies
10
Views
399
Desertdog
D
J
  • Locked
CBS plays catch-up: Electronic Voting Causing Concern
Replies
2
Views
567
Jim March
J
Back
Top