Please watch

http://www.toostupidtobepresident.com/s ... chines.htm


Diebold Machines

Agonist Exclusive

Diebold Machines and Your Vote

by creativelcro and quietBill

With the emergence of paperless billing and online banking, many of us save considerable effort, time and money every month. The transition to digital information has gone well beyond paying bills or taxes, and booking airline flights. Virtually all aspects of our lives are affected. Not surprisingly, the same technological shift has been occurring in the field of voting machines, accelerated by the Help America Vote Act (HAVA) passed by Congress at the end of 2002.

No paper trail.

While differing in implementation, these systems share a crucial feature: all information about the votes is stored exclusively in digital format. The crucial difference from more traditional voting systems (e.g., punch card and optical scan machines) is that those systems keep the original vote in a physical form (usually paper) that can be directly verified by the voter. This "paper trail" can later be used during a recount, if the need were to arise.

A recount is generally possible with Direct Recording Electronic (DRE) voting machines, but what is recounted is simply what the machine recorded in the first place and this can be quite different from the intended vote.

Discrepancies arise through a number of factors, ranging from machine malfunction to malicious tampering with its software. Without the hard-copy redundancy offered by traditional voting systems, performing an independent audit is virtually impossible.

Not just theory

The importance of having such audits has been demonstrated in real life cases where problems with voting and counting machines were suspected. In a primary election in Clay County Kansas (August 2002), Roy Jennings defeated the incumbent, Jerry Mayo, by 22 votes. However, a hand recount, which was possible because of the use of optical scan machines, revealed that Mayo was the winner by a landslide: 540 votes to 175. In one ward, which Mayo carried 242-78, the computer had reversed the totals.

Although this County used optical scan machines, the problem becomes even more serious and insidious when voting systems are less transparent and more complex. With DRE voting systems there is no possibility of a meaningful recount.

Significant effect.

In the upcoming California recall election, on October 7, about 10% of the votes in the area are expected to be acquired by means of Touch screen (DRE) voting machines. They are manufactured by the 3 main companies in the election business: Sequoia Edge Touchscreen (4.8%), Diebold Accu-Vote-TS Touchscreen (4.4%), and ES&S iVotronic Touchscreen (.6%).

The percentage of DRE machines is likely to rise in the near future. With many elections being close calls and falling within the statistical margin of error (Florida is a painful reminder), a 10% deviation can make an enormous difference.

Who can test?

In the absence of independent verification, it is essential that all aspects of the inner workings of these machines be thoroughly tested, even more so than with more traditional machines. Unfortunately, there is strong reason to believe that such testing is not carried out in a thorough manner, as will be demonstrated below.

Since the software and hardware in these DRE machines is proprietary, only certification labs, Independent Test Authorities (ITAs) specified by the National Association of State Election Directors (NASED), can examine them to ensure that they satisfy the Federal Voting Systems Standards (FVSS) formulated by the Federal Election Commission (FEC).

Currently, the only ITA qualified to test hardware and firmware is the Wyle Laboratories, whereas ITAs qualified to test software are Ciber Inc. and SysTest Labs, LLC. Like the source code, the results of the tests by the ITAs are not available to the public. Essentially, the system is set up to be based on trust: the public is supposed to trust that a DRE system will record their vote faithfully. This is unacceptable and completely unverifiable.

The Johns Hopkins Test.

Recent events gave an independent team the unique opportunity to actually examine and test the source code of one of these DRE machines, the AccuVote-TS voting system, made by Diebold Election Systems Inc. A system certified to comply with FEC/NASED voting system standards. Indeed, in January 2003 a copy of Diebold’s source code was found on a publicly available FTP site owned by Diebold, The discovery was announced, much to Diebold’s chagrin, on Bev Harris’ site: http://www.blackboxvoting.org. On July 24th, a team of computer scientists from Johns Hopkins and Rice Universities, led by Dr. Avi Rubin at Johns Hopkins, completed and released a report on their analysis of the source code (at least, the unencrypted parts). The results in this report were devastating as a myriad of serious programming flaws and security problems were discovered. Importantly, some of the most obvious flaws in the code had already been pointed out years before by Dr. Douglas Jones, Chair of the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems, at a time when the code belonged to Global Election Systems (GES), later acquired by Diebold. Jones actually called for the de-certification of Diebold direct recording system, after reading the Rubin report.

Since there are currently 33,000 working AccuVote-TS voting machines manufactured by Diebold around the country (and the number is been steadily rising as a result of HAVA) the results of this analysis has fundamental and potentially devastating implications for future elections.

The Maryland story: an Enron-like "audit?"

Maryland is a case in point. Currently at the center of a controversy, Maryland purchased 5000 such machines in March 2002 (at a cost of $17 million) and has signed an agreement to purchase another 11,000 at a cost of $55.6 million. The Rubin report, mentioned above, prompted Maryland Gov. Robert L. Erhlich Jr. to hire Science Applications International (SAIC) to perform an independent risk assessment on Diebold’s machines. The risk assessment was performed from August 5th through August 26th 2003 and the 200-page report was delivered to State officials on Sep 2.

After substantial redacting, the report was made public on September 24th. The SAIC found 328 security weaknesses, 26 of them being critical, and concluded “the system, as implemented in policy, procedure, and technology, is at high risk of compromise.â€