2004 U.S. presidential election controversy, voting machines

Parent article: 2004 U.S. presidential election controversy

After the 2004 U.S. presidential election there were allegations of data irregularities and systematic flaws which may have affected the outcome of both the presidential and local elections. Unofficial results currently indicate a victory by George W. Bush over John Kerry. Allegations range from significant exit poll and other data irregularities potentially characteristic of fraud, to complaints voting was not conducted equally for all citizens, for example, uneven voting machine distribution which might lead to long voting lines and disenfranchisement.

As the below information indicates, there are significant concerns as to whether thousands, if not millions, of votes were fairly, reliably, and accurately recorded and reported by electronic voting machines and central vote tabulation computers in widespread use today.

Contents

1 Specific issues related to voting machine companies 1.1 Control, ownership and political ties 1.2 Specific issues relating to Diebold machines and practices 1.3 Specific issues relating to ES&S machines and political links 1.4 Specific issues relating to Wyle machines and political links 1.5 Specific issues relating to Sequoia machines and practices 1.6 Industry collusion 2 Evidence of electronic voting bias 2.1 UC Berkeley Data Archive 3 Certification of voting machines 3.1 The Law 3.2 Ciber's Certification Report Overview 3.3 Cipher Labs Certification of Diebold GEMS 1-18-15 3.4 Cipher Labs Certification of VoteHere Election System 3.0.0.33 4 BlackBoxVoting.org investigations 4.1 Diebold Security and internal email investigation 4.2 Volusia County Fraud Investigation 5 Similar anomalies in recent history 5.1 Volusia, Florida 2000 5.2 Voter suppression and racial discrimination, Florida 2000 5.3 Riverside County CA., March 2004 Primary (litigation) 5.4 Georgia 2002 5.5 Other 6 Expert testimony on quality of current voting machines 6.1 Dr. Professor Avi Rubin 6.2 Dr. Professor Rebecca Mercuri 6.3 Hopkins, SAIC and RABA (from Concerned individuals vs.Maryland State Board of Elections) (litigation) 6.4 Manipulation of punch-card voting machines 6.5 Triad Engineer, interview by House Judicial Committee 6.6 Other professional studies 7 Technical overview: Ease of hiding "back doors" in computer source code 8 The "programming fraud" affidavit 8.1 Summary of affidavit 8.2 Key points from background comments 9 See also 10 External links

Specific issues related to voting machine companies

Control, ownership and political ties

A very comprehensive and fully sourced summary of "Who's involved with Who" includes ownership, history, donations and connections of voting machine companies and those connected with them, including SEC criminal records and cross-investments.

Bob Urosevich is currently president of Diebold and was the person who original produced Diebold's software [1]. Todd Urosevich (his brother) is vice president of ES&S. In 1999, American Information Systems (AIS), purchased Business Records Corporation (BRC) to become ES&S. AIS (1980) was formerly Data Mark (1979). Both AIS and Data Mark were founded by the Urosevich brothers. In 2002 Diebold acquired Global Election Systems. Global was founded 1991, which itself acquired the AccuVote system the same year. Bob Urosevich is a past president of Global.

AIS was initially funded by Howard Ahmanson [2]. Ahmanson is a member of the Council for National Policy, a “steering group” linked to the Bush administration [3],[4],[5],[6],[7] and has holdings in ES&S. Ahmanson donates substantially to CalTech/MIT, and helps finance the Chalcedon Institute and the Discovery Institute which pushes Creationist science and education in California. Chalcedon is a fundamentalist Christian ministry devoted to "nothing short of ... rebuilding the theological fortifications of Christian civilization ... eroded by the forces of humanism and secularism over the past three centuries", and is at the heart of Christian Reconstructionism, a "recently articulated philosophy which argues that it is the moral obligation of Christians to recapture EVERY institution for Jesus Christ" and "among other things 'mandating the death penalty for homosexuals ...'." [8] and [9]

ES&S (40-50%) and Diebold (30-35%) are responsible for the integrity and processing of around 80% of United States election voting. Between them, these two companies alone provide voter registration, printing of ballots, the programming of the voting machines, the counting and tabulation of the votes, and the final reporting of the results for over 150 million Americans.

Diebold:

In 2003 Walden O'Dell CEO of Diebold said in a letter to Ohio Republican officials that he was "committed to helping Ohio deliver its electoral votes to the President". [10] Diebold is the company which makes electronic touch screen voting machines used in Ohio and other states, most significantly Florida. Ohio and Florida were two of the "swing" states critical to the 2004 election. It is important to note that punch card (not electronic) voting took place in 68 of Ohio's 88 counties, including three of the four most populous, which include Cleveland, Dayton, and Cincinnati.[11]

Diebold’s political ties are not limited to Republicans. Mark Radke (Director of Marketing for Diebold Election Systems) "has an exclusive Democratic donation history"..."including the legal limit of $2000 to John Kerry in the recent campaign" [12]. However, according to campaign finance records at OpenSecrets.org, of the over $240,000 given by Diebold’s directors and chief officers to political campaigns since 1998, all has gone to Republican candidates or party funds. [13]

Sep. 30, 2004 - Deborah Seiler, an "influential employee" of Diebold Election Systems changed jobs, and now works for Solano County California. The position puts her second in command of elections in the county. The person concerned was implicated (see comment by CVF in article) in the purchase by California of Diebold systems which later became the source of litigation when they turned out to be misrepresented and uncertified. wired news

Aug. 31, 2004 - "Activists from TrueVote, a Maryland-based group, also protested against voting-machine companies sponsoring parts of the election officials' conference. Diebold Election Systems co-sponsored the opening-night reception. Sequoia Voting Sytems paid for a dinner cruise aboard a glass-topped boat on the Potomac, where many of its competitors took the opportunity to pitch their products to election officials. Election Systems and Software hosted a lunch, and Hart InterCivic printed the conference brochures." wired news

ES&S:

As noted elsewhere (Sources: [14], [15],[16], #Specific issues relating to ES&S)

Chuck Hagel, the previous chairman of ES&S , another major manufacturer of voting machines and still a $1m stock-holder in McCarthy & Co which owns a quarter of ES&S [17], became a Republican candidate. Hagel's Democratic opponent made a formal protest to the state of Nebraska over the conflict of interest. Hagel had significant AIS holdings when the company counted the votes for his surprise election victory in 1996. Hagel has been scrutinized by the Senate Ethics Committee over his investments in the McCarthy Group. ES&S, which counted 80% [18] of the votes when Hagel was elected in 1996 and re-elected in 2002, is a subsidiary of the McCarthy Group, according to The Hill. [19],[20]

When Hagel stepped down as head of this company to compete for the Senate, he became "...the first Republican in 24 years to win a Senate seat in Nebraska, nearly all on unauditable machines he had just sold the state ... including many largely black communities that had never before voted Republican". (Source [21])

Hagel also was recently caught lying about his ownership of ES&S by the Senate Ethics Committee, and was on a short list of George W. Bush's vice-presidential candidates. [22]

Jeb Bush's first choice as running mate in 1998 was Sandra Mortham, a paid lobbyist for ES&S who received a commission for every county that bought its touch-screen machines. The Hill's revelations of Hagel's conflict of interest was disturbing enough to cause Jan Baran, one of the most powerful Republican lawyers in Washington D.C., and Lou Ann Linehan, Senator Chuck Hagel's Chief of Staff, to walk into The Hill's offices to "discuss" the story. "According to the author of the article, Alex Bolton, nothing similar had happened in the three-and-a-half years he's worked for the paper." [23]

Specific issues relating to Diebold machines and practices

• Unreported faults and problems known to manufacturer

As summarised elsewhere below (California litigation, Blackbox, federal hearings), Diebold consistently hid major flaws, and stated machines had been certified and were secure when this was not the case. Some states have proposed or begun litigation in respect of these.

• Poor security against cracking and other electronic fraud

The same source also claims that

"Experts have raised questions about the machines' security features, which some say can be easily defeated, making it possible to manipulate the actual vote count.

"In all of my consulting work and all of my work in industry I've never seen a system that I thought was this vulnerable to abuse," said Avi Rubin, a professor of computer science at Johns Hopkins University in Maryland, who, along with other security experts, analyzed Diebold's source code for the electronic voting machines."

In at least one case it appears a voting machine was cracked during a primary election in King County Washington and a warning was issued to disconnect all voting machines from the internet. But this would not totally prevent the effects of cracking [24].

Nov. 12, 2004 : "Computer Science Professor Avi Rubin of John Hopkins University analyzed Diebold's 47,609 lines of code and found it uses an encryption key (56-bit DES) that was hacked in 1997 and no longer is used in secure programs. The Digital Encryption Standard 56-bit encryption key used can be unlocked by a key embedded in all the source code, meaning all Diebold machines would respond to the same key. Rubin said Diebold has said it repaired the security flaws in subsequent programs, but that the company has not produced the code for analysis. Rubin, his graduate students and a colleague from Rice University found other bugs, that the administrator's PIN code was '1111' and that one programmer had inserted, 'This is just a hack for now.' The implication is that by hacking one machine [one] could have access to all Diebold machines. Diebold did return a call for comment." (Source: Washington Times/UPI)

"Diebold, located in North Canton, Ohio, does its primary business in ATM and ticket-vending machines. Critics of Diebold point out that virtually every other machine the company makes provides a paper trail to verify the machine's calculations. Oddly, only the voting machines lack this essential function." [25]

• Recent historical voting anomalies

March 5, 2004 : "[Election reform activist Bev] Harris has also posted a post-mortem [of the 2000 election] by CBS detailing how the network managed to call Volusia County for Bush early in the morning. The report states: "Had it not been for these [computer] errors, the CBS News call for Bush at 2:17:52 AM would not have been made." As Harris notes, the 20,000-vote error shifted the momentum of the news reporting and nearly led Gore to concede.

What's particularly troubling, Harris says, is that the errors were caught only because an alert poll monitor noticed Gore's vote count going down through the evening, which of course is impossible. Diebold blamed the bizarre swing on a "faulty memory chip," which Harris claims is simply not credible. The whole episode, she contends, could easily have been consciously programmed by someone with a partisan agenda. Such claims might seem far-fetched, were it not for the fact that a cadre of computer scientists showed a year ago that the software running Diebold's new machines can be hacked with relative ease. The crackers posted some 13,000 pages of internal documents [from Diebold's technical support database] on various web sites -- documents that were pounced on by Harris and others. A desperate Diebold went to court to stop this "wholesale reproduction" of company material." ("Students Fight E-Vote Firm", also see "Libel Chill" below)

"If you strip away the partisan rancor over the 2000 election, you are left with the undeniable fact that a presidential candidate conceded the election to his opponent based on [results from] a second card that mysteriously appears, subtracts 16,022 votes, then just as mysteriously disappears."

(Sources for this section: 1) ABC News [26], 2) [27], 3) Diebold penetration and legal, 4) #Similar anomalies in recent history

Voting Machine problems (including Diebold): Electronic voting#Problems with electronic voting

• "Libel Chill"

[28], an US online encyclopedia similar to Wikipedia covering "people, issues, groups and the public agenda" describes the position under the title "Libel Chill" as follows:

On the above issues, most journalists within the media establishment have been silent. Given Diebold's history of libel chill and the Rathergate issue, it's not hard to guess why, though political motives may also be involved. There has been a report from a MMOB member on a 'lockdown' on covering the story, coming from executive levels within the media. However, MSNBC's Keith Olbermann featured a good story about the vote discrepancies on his Nov. 8th show."

"Libel chill in this case is highly strategic since there is only a short time window - from November 2, 2004 to December 13, 2004 - to contest the results."

"In such a legally and politically charged situation, accurate verifiable data is hard to come by. Bev Harris and her team at blackboxvoting.org [29] have filed the largest number of FOIA's - Freedom of Information Act requests - in history. She is asking 3,000 counties for the internal audit logs of their voting machines, which are public records, as well as for other key data."

From :LA Weekly: ...At the same time, the internal memos reveal that Jones Day lawyers were exploring strategies to fend off legal challenges ... Legal machinations were eventually cited as a strike against Diebold. The company "raised frivolous legal objections to providing many [requested] documents and provided other documents in an untimely manner," according to a Secretary of State’s Office report on Diebold.

From EFF (legal records here): Diebold has delivered dozens of cease-and-desist notices to website publishers and ISPs demanding that they take down corporate documents revealing flaws in the company's electronic voting systems as well as difficulties with certifying the systems for actual elections. "Diebold's blanket cease-and-desist notices are a blatant abuse of copyright law," said EFF Staff Attorney Wendy Seltzer, "Publication of the Diebold documents is clear fair use because of their importance to the public debate over the accuracy of electronic voting machines."

Diebold threatened not only the ISPs of direct publishers ... but also the ISPs of those who merely publish links to the documents. In one such instance, [one ISP] refused to comply with Diebold's demand that it prohibit Independent Media Network (IndyMedia) from linking to Diebold documents..."

• Knowingly misrepresenting voting machines as certified and tested:

LA Weekly reports (April 2004) that Diebold knowingly used uncertified voting machines in many elections, and misrepresented this to the State.

"Diebold has conceded that it violated California regulations by using uncertified software in the March 2 election. This misstep occurred even though the Diebold internal memos had previously warned the company precisely of this problem. These memos also talk of greater legal culpability if the company knowingly violated California election law. The documents offer a potentially damning indictment of a company that failed to fly right despite in-house warnings ... a former Diebold technician ... depicted a company that was running behind schedule, making untested, last-minute fixes and conjuring solutions on the spot.

The state report said Diebold "marketed and sold the TSx system before it was fully functional, and before it was federally qualified," "misrepresented the status of the TSx system in federal testing in order to obtain state certification" and "failed to obtain federal qualification of the TSx system despite assurances that it would." In addition, the company allegedly "installed uncertified software on election machines in 17 counties" and "jeopardized the conduct of the March primary." The secretary of state’s advisory panel noted that some voters were turned away when poll workers could not get machines started on time in San Diego and Alameda counties.

The internal memos plainly confront the possibility of "multimillion-dollar liabilities". As one memo puts it, "Issue: Whether the use of an uncertified voting system is illegal? Short answer: Yes." The same memo then deals with whether the company had violated its contract with Alameda County. "Issue: Whether Diebold breached the Agreement if it provided Alameda County with an uncertified voting system? Short answer: Mostly likely ... If Diebold materially breached the Agreement, Alameda County can terminate the Agreement and sue for damages."

Or as Diebold's own memo put it (Ken Clark, [30]):

"Strictly adhering to our release policies, the California change should also require
a major version number bump to GEMS (because of the protocol change). We can't reasonably
expect all of California to upgrade to 1.18 this late in the game though, so we'll slip
the change into GEMS 1.17.21 and declare this a bug rather than a new feature.
What good are rules unless you can bend them now and again."

• Diebold management past criminal history

Source: Court papers filed in Maryland, Wired news, [31]

Dec. 17 2003 - "At least five convicted felons secured management positions at a manufacturer of electronic voting machines, according to critics demanding more stringent background checks for people responsible for voting machine software.

"The programmer Jeffrey Dean wrote and maintained proprietary code used to count hundreds of thousands of votes as senior vice president of Global Election Systems, or GES. Diebold purchased GES in January 2002. According to a public court document released before GES hired him, Dean served time in a Washington State correctional facility for stealing money and tampering with computer files in a scheme that "involved a high degree of sophistication and planning in the use and alteration of records in the computerized ... system that defendant maintained for the victim." (23 counts of First Degree Theft, case 89-1-04034-1)

"The other reported felons included a cocaine trafficker [John Elder] and a man convicted of engaging in fraudulent stock transactions."

Jeff Dean was specifically involved in the King County voting system, and is also mentioned specifically in the Diebold memos in connection with programming optical-scan software and the touch-screen Windows CE versions. King County provided him with a key to the computer room, the passcode to the GEMS computer and 24-hour access to the building. Diebold have indicated that he left when they took over GES, however internal records show he was retained, and continued to act as a "consultant".

King County WA. is the same county which Diebold internal memos say "are famous" for illicit access to voting systems and where a 3 hour section is missing from a security log during the September 2004 Primary.

Specific issues relating to ES&S machines and political links

Thom Hartmann stated in CommonDreams.org (Nov 4 2004, [32]):

"About two years ago [Jan 2003], I wrote a story for these pages, "If You Want To Win An Election, Just Control The Voting Machines," that exposed how Senator Chuck Hagel had, before stepping down and running for the U.S. Senate in Nebraska, been the head of the voting machine company (now ES&S) that had just computerized Nebraska's vote. The Washington Post (1/13/1997) said Hagel's "Senate victory against an incumbent Democratic governor was the major Republican upset in the November election." According to Bev Harris, Hagel won virtually every demographic group, including many largely black communities that had never before voted Republican. Hagel was the first Republican in 24 years to win a Senate seat in Nebraska, nearly all on unauditable machines he had just sold the state."

(The same author also notes in respect of audit trail that "Congressman Rush Holt introduced a bill into Congress requiring a voter-verified paper ballot be produced by all electronic voting machines, and it's been co-sponsored by a majority of the members of the House of Representatives. The two-year battle fought by Dennis Hastert and Tom DeLay to keep it from coming to a vote, thus insuring that there will be no possible audit of the votes of about a third of the 2004 electorate, has fueled the flames...")

Bev Harris also traces significant control of ES&S back to Peter Kiewit Sons’ Inc, a company with strong political interests and ties to big industry, and a track record of bid-rigging and bans from State or Federal contracts, stating that "Peter Kiewit Sons’ Inc. and its subsidiaries have been tied to a string of bid-rigging cases in as many as 11 states and two countries" [33]:

Sample legal cases – (1) bid-rigging in New Orleans, pleaded no contest, fined $100,000 and $300,000 in civil settlement, (2) Bid-rigging on road contracts, South Dakota, pleaded guilty, fined $350,000, (3) bid-rigging and mail fraud on a federal highway project, Kansas, firm fined $900,000, company official sentenced to a year in jail, (4) bid-rigging of $1.8 million on state highway project, Nebraska, Kiewit vice-president jailed.

Official action – (1) Army Corps of Engineers “at one point decided to bar Kiewit from bidding on all federal projects but later changed its mind.” Kiewit builds munitions plants and military airstrips, (2) State of Oklahoma forbade Kiewit to bid anymore, Kiewit set up a different company called Gilbert Southern Corp. According to The Sunday Oklahoman, Gilbert Southern Corp. recently submitted a sworn affidavit to the transportation department saying it had no parent company, affiliate firms or subsidiaries." But "Kiewit owned Gilbert Southern Corp. lock, stock and barrel. When the state of Oklahoma found out, it yanked the contracts", (3) Took contracts in Washington State "under the guise of a minority-owned firm. The government thought it was giving contracts to a company owned by African-American women; actually, it was a bunch of white guys in Nebraska. Kiewit paid more than $700,000 in fines while denying liability or wrongdoing."

"Does Kiewit have a political agenda? Absolutely. Kiewit’s Jerry Pfeffer has spoken before Congress to ask for more privatization: 'Kiewit, based in Omaha, built more lane-miles of the Interstate Highway System than any other contractor,' he said. '...We’re active in toll roads, airports and water facilities...' Kiewit also owns CalEnergy Corp, and is a 'quiet giant' in telecommunications."

Specific issues relating to Wyle machines and political links

In the same article as above, Bev Harris states:

"Texas billionaires Sam and Charles Wyly were the ninth-biggest contributors to George W. Bush in 2000, and Sam Wyly bankrolled the dirty tricks that wiped out John McCain’s lead during the South Carolina primary."

"You would expect that a company that certifies our voting machines would not have its owners running for office. You would also expect that no one who owns the certification company would be under criminal investigation … Shortly after Wyle Laboratories split off from Wyle Electronics in 1994, controlling interest was acquired by William E. Simon & Sons, a firm owned by a former Secretary of the Treasury, William E. Simon, and his son, Bill Simon, a candidate for governor of California in 2002. Just before the election, in August 2002, William E. Simon & Sons was convicted of fraud and ordered to pay $78 million in damages."

"In what is surely record time for our glacial judicial system, the conviction was overturned in September 2002. The reason? William E. Simon & Sons had partnered up with someone who was a criminal and no one could tell who was the guiltiest."

"Recently, Wyle Laboratory shares held by William E. Simon & Sons were bought out. Now Wyle Laboratories is a wholly owned subsidiary of LTS Holdings, Inc., an entity I can find no information about, controlled by individuals whose names are not available."

Specific issues relating to Sequoia machines and practices

Sequoia Pacific has a "long connection" with criminal activity, including connections to the Gambino Family. [34]

"[In respect of Sequoia there is] clear and convincing evidence that the company has been run, perhaps for decades, as a Continuing Criminal Enterprise specializing in blatant and widespread bribery of public officials, with numerous felony convictions, Mob ties, and a history replete with stories of threats, coercion..."

Sample cases - (1) Sequoia attempted bribery at a luncheon hosted by Salvatore Reale, a Gambino underboss who later pled guilty to racketeering, New York City, (2) Company’s founder, Lloyd A. Dixon Jr. indicted by federal grand jury for bribing Buffalo election officials, (3) Company fined nearly $50,000 for bribing Texas and Arkansas officials, (4) Next owner of Sequoia Pacific, financier Louis Wolfson became convicted of bribing the only Supreme Court Justice ever forced to resign in disgrace, (5) Louisiana’s Commissioner of Elections Jerry Fowler convicted of taking as much as ten million dollars over a period of a decade from Sequoia’s Southeast Representative, a man named Pasquale "Rocco" Ricci, from New Jersey. (6) US Attorneys refused or unable to "confirm or deny" if Ricci was connected to organised crime.

Official action - Allegations of voting irregularities by Republican Jenkins led to a year-long investigation. The probe quickly came across evidence of massive bribery, which became the focus of the investigation that followed, leading to charges that an election officer (Fowler) had spent $8.6 million in state money on "worthless" election equipment, and taken kickbacks from voting machine contractors working for Sequoia Pacific, in a scheme engineered by that company's executives. Fowler sentenced to five years in prison. Media did not mention the name of the company on whose behalf he was being bribed, Sequoia Pacific.

Sequoia and Riverside County (See 2004_U.S._election_controversies_and_irregularities#Riverside County CA., March 2004 Primary (litigation) )

Litigation documents allege that "Experts said the company designed the machines and software so that vote totals could easily be altered without leaving a trace".

In this legal case, eye witnesses state that in the middle of the March 2004 primary, County officials "had halted vote counting for a period of time and allowed employees of the voting machine company, Sequoia Voting Systems, to access the computer containing the counting software" and that "CES had changed the computer's instructions for tallying votes on election night".

County officials "refused to hand over the audit logs and memory cartridges".

Industry collusion

A summary and transcript of a conference call between voting machine companies and ITAA lobbyist Harris Miller agreed that an industry action group was to be formed in order to jointly:

1. Lobby politically for the industry,
2. Set industry standards (including ethics) and collaborate on R&D,
3. Attain self-management and industry control of the voting machine certification process,
4. Turn around currrent negative public perception,
5. "...reduce substantially the level and amount of criticism from computer scientists and other security experts about ... fallibility"
6. "Eliminate side attacks" from people who are "somewhat credible",
7. Co-ordinate counter attacks against issues,
8. Provide a 3rd party to "hide behind" when individual companies "don't want to talk about the issues",
9. Avoid claims of collusion by giving the false impression of independence between the lobbyists and the industry, and by keeping communication to undocumented telephone meetings without written notes.
10. Avoid press awareness of these arrangements.

An initial budget of around $150,000 - 200,000 was set.

The meeting was apparently set up by R. Doug Lewis, executive director of The Election Center, whose charter states "The Election Center is a nonprofit organization dedicated to promoting, preserving, and improving democracy. Its members are government employees..." No explanation is given for a government election employee taking such a role within a lobbyist group. [35]

Agenda [36]:

• "Purpose: Create confidence and trust in the elections industry and promote the adoption of technology-based solutions for the elections industry."
• "Success Benchmark: Achieve widespread acceptance among key constituencies that electronic voting is not just an alternative to other balloting systems, but is the "gold standard" to which all should aspire."
• Developmental goals - "Help assure the integrity of IT ... Improve security ..."
• Perceptional goals - "Generate positive public perception of the eVoting industry ... Develop liaison with key constituencies in order to build broader support for e-voting ... Reduce substantially the level and amount of criticism from computer scientists and other security experts about the fallibility of electronic voting systems."

Transcription extracts:

• Harris Miller (ITAA) - explains about helping them establish certification standards and "coming to the defense of a company under attack", also touches on the need to establish a panel which could "help refute problems like Diebold is currently having".
• R.Doug Lewis (Election Center) - Glad to act as sounding board but bowing out from most issues "at least until we are no longer the place where we do work for NASED"
• Unknown - "Efforts must be made to get academics 'on our side'."
• Unknown - "ITAA suggested 're-engineering' the certification process to make the industry the 'gold standard' so they can eliminate 'side attacks you are subject to now from people who are not credible as well as people who are somewhat credible'."
• Accenture? - "...self-certification will be a 'tough sell' to the public. We can’t win the PR battle if ITAA tries to do an ITA’s (independent testing authority) job. 'But I do think it is very important that the industry be more aggressive ... in the way that it gives input to the ITA (Independent Testing Authority) process and the people who control the ITA process'." (ie, industry control of the certification process)
• AccuPoll: "Absolutely, lobbying is an essential element for this industry."
• Harris Miller (ITAA): "We were too subtle by half. Our #4 goal, 'develop liaisons with key constituencies' is a nice word for lobbying. We just didn't want a document floating around saying the election industry is in trouble, so they decided to put together a lobbying campaign.' ... "I just don’t like to put it in writing because if this thing winds up in the press somewhere, inadvertently, I don’t want the story saying the e-voting industry is in trouble and decided to hire a lobbying firm to take care of their problem for them."
• Unknown - "Clearly one of the themes going around is related to collusion among industry sources, so any meeting of all the players is, by definition... unfortunately taken by some people as not a constructive exercise, but one of negative exercise. So, it would probably be best as Doug suggested, that it would be better that we pay you to do that ... That way, no one would perceive you weren’t an independent body." Harris Miller - Okay.
• Harris Miller (ITAA) - "Let’s assume we wanted to respond to some attack... assume another academic came out and said something against one particular company and the task force wanted to respond. The task force would put out a statement, 'Harris Miller, on behalf of ITAA, says this is BS’... we would also invite other members of the task force to put in comments if they want... normally the first person to put in a comment would be the chairman and other companies would have a chance to comment, blah, blah.. and be included in the press release ... Similarly, ... the companies may want to hide behind me, they don’t want to say anything... frequently that happens ... you don’t want to talk about the issues as individual companies."
• "Tracy Graham - "We must have a proactive strategy at this time to improve the overall perception in the industry, so we are absolutely supportive of this type of forum and action on behalf of the industry."

Follow-up:

December 9, 2003 - "Advanced Voting Solutions, Diebold Election Systems, Hart InterCivic, Sequoia Voting Systems, Election Systems & Software and UniLect announced that they had formed a trade group, called Election Technology Council, under the banner of the ITAA."

Evidence of collusion has come out in other investigations [37]:

• "First, the scheme showed that there was collusion, rather than competition, between the two major election services firms, Sequoia Pacific and E S & S. Court documents revealed the two sold voting machines back and forth to each other until they had arrived at the figure they wanted the client, the state of Louisiana, to pay."
• "Nor was this an isolated case. The bribery conviction of Arkansas Secretary of State Bill McCuen, for example, revealed that E S &S’s predecessor company, Business Records Corp. of Dallas, arranged for contracts which led to Smurfit Packaging Corp. and its subsidiary, Sequoia Pacific Voting Equipment Inc."

Evidence of electronic voting bias

Note: As with all statistics, it is very important to consider other causes of apparent anomalies, and to provide verifiable and neutral source data that can be checked in a neutral way by third parties. All the information and sources below appear prima facie to be statistically reasonable in terms of both analysis and assumptions, and to be based upon verifiable public data.

1. An analysis of Florida counties with 80,000 - 500,000 registered voters concluded (with a few caveats of a usual kind) that machine type (E-Touch vs Op-Scan) was a "significant predictor" of vote at the p < 0.001 level (less than one chance in a thousand of this degree of anomaly happening by chance) [38],[39],[40]Source data and calculations [41]. Contrarily, the New York Times ran a story stating that "...three political scientists, from Cornell, Harvard and Stanford... [pointed out] many of those Democratic counties in Florida have a long tradition of voting Republican in presidential elections". [42] All these analyses show Bush with a higher percentage of the vote in areas using optical scan ballots (as opposed to touch screen machines). (This study was later used as a basis to test the "Dixiecrat / Op-Scan" hypothesis in smaller counties: [43])
2. An error with an electronic voting system gave President Bush 3,893 extra votes in suburban Columbus according election officials. [44] Franklin County was the only Ohio county to use this particular electronic voting system. [45]

   One thread on the "democraticunderground" website discusses the results in Gahanna, Franklin Co. Ohio and notes that:

   • Gahanna has some 20,000 people elegible to vote and the reported turnout was around 70%. On a casual reckoning approximately 14,000 people voted, and yet nearly 21,000 votes were reported by voting machines.
   • The 3,893 extra individuals who are said to have queued to vote for Bush, and were therefore presumably Republican, did not appear to vote on any other matter bar the Presidency. (These other matters included the Senate race, County Commissioner, several county and state officials, and the infamous Gay Unions vote, issues of great importance in the election.)

   Source: [46], source data from govt website pdf

3. An analysis reported in the New Zealand press looks at the differences between exit polls and reported voting in more detail. It identifies that in a selection of non-swing states, the exit polls and final results match. However in a large proportion of what were identified before the election as key swing states (Wisconsin, Pennysylvania, Ohio, Florida, New Hampshire, etc.), the exit polls and final votes do not match.
4. The error was in each case a statistically anomalous and electorally critical 4 - 15% swing (change between exit polls and electronic voting) and furthermore the anomalies were not random. In each of the above swing states, this variation between what voters said they voted and what the machines reported was in favour of Mr. Bush. Source [47], article discussing here, graphs here.

   An article comments that:

   • Exit polls into the evening of Nov. 2 actually showed Kerry rolling to a clear victory nationally and carrying most of the battleground states, including Florida and Ohio, whose totals would have ensured Kerry's victory in the Electoral College.
   • The exit polls covered both the Presidential and Senate races. The votes reported by voting machines for the Senate races were in line with the exit polls for the Senate race, however the votes reported by the same voting machines for the Presidency often significant disagreed with the exit polls for the Presidency.
   • It also comments that "Democratic suspicions also were raised by Republican resistance to implementing any meaningful backup system for checking the results on Diebold and other electronic-voting machines."

5. There were additional reports of significantly large data irregularities with the "optical scan" type voting machines in at least Florida. In one county using optical scan voting machines for example, election records showed 77% registered democrats but Bush received 77% of the vote.
6. Wired Newshas examined this issue and reports that, "...according to academics, the internet pundits are reading the data out of context. Demographic figures and vote trends over several years show the numbers to be consistent with previous elections. According to University of California at Berkeley political scientist Henry Brady, the Republican vote share has been going up in Florida's rural optical-scan counties for years."

   Wired further reports that, "[t]hree professors of government also examined the numbers after being pressured by many people, including lawyers for the Democratic Party, and concluded the same thing." but that they also warned this "doesn't mean that nothing went wrong in this election. It just means this particular thing is not what went wrong."

7. Nov. 27 Oklahoma media report:

   "The respectable, conservative "Tulsa World" newspaper reported Nov 3rd that Kerry was winning in 57 of the states's rural counties, with 70% of the vote counted ... The "official" State of Oklahoma Election Board vote totals released later show Kerry not winning; but, losing in all the state's 77 counties, including the 57 rural counties. A simple comparison of total votes for Kerry between the staid establishment mouthpiece, the "Tulsa World" newspaper and the so-called "official" final vote totals at the State Election Board show fewer votes for Kerry in 57 counties than the "Tulsa World" does ... Sen Kerry lost 37,982 votes to the ES&S Optech Machines. During the same time period President Bush gained a whooping 393,825 votes. In other words, Kerry lost votes already cast [and counted] by voters ... Who programs these things, eh? ... It turns out every vote in the state ... were counted on the same type of flawed machine, programmed originally by the Hagel's ES&S company..."

8. [48] examines Ohio counties and notes:

   "...over 20,000 absentee ballots were added to Franklin County's total twice [Source: official canvas report] ... Some candidate totals are identical in the two counts, and some differ by just one vote. Still others are reported as zero in the second count, which implies that only certain races were recounted..."

   Most of Ohio use punch cards. Most Ohio counties showed "dramatic increases" in voter turnout. Franklin and Mahoning counties showed fewer voters. Franklin and Mohoning are two of the few to use touch voting. Likewise the same two counties bucked the other trend: the normal pattern was for the increase in reported voters to be much higher than the increase in registered voters. In these two counties the opposite was true. Anectodtal evidence suggests rather puzzlingly that these were not undervoted, as they experienced the same extensive lines and intensive "get out the vote" as other counties. (Figures and stats in article)

   "Out of all these counties, only Franklin and Mahoning use DRE voting systems. Out of all these counties, only Franklin and Mahoning show the odd pattern of having a greater increase in registered voters than in reported voters. Out of all these counties, Franklin and Mahoning have the lowest increase in turnout rate from 2000; the others average a much higher turnout rate increase of about 13-14%. Does that seem suspicious to anyone else? It is especially fishy when you consider the strategic importance of these two counties...If Franklin and Mahoning experienced the same 13-14% increase in turnout rate as the other blue states ... together that's about 108,000 votes ... I think we need to try to figure out where those votes went."

   "Warren County made the news twice... First, it was the last county in Ohio to complete its vote count. Second, the ballots were counted in secret by its Republican election officials. The media were not allowed to observe the counting process and were relegated to an area two floors below where the count was taking place. The justification Warren officials gave was that they had received a report of a terrorism threat, namely a level 10 (out of 10) warning specifically for Warren County. That was a lie. It was denied outright by both Homeland Security and the FBI. So just what were those Republican Warren County officials doing with the ballots they kept to just themselves all night long? One possibility is that they were destroying ballots..."
    

   "There is one more point to be examined here. The idea promoted by the media is that Bush won because "red" voters showed up in greater quantities than "blue" voters. But looking at Ohio, we see that the opposite is actually true. Blue counties in Ohio had a larger increase in turnout rate than red counties. Even dividing counties up into smaller and smaller groups does not change this: Strongly blue counties have better turnout rate increases than moderately blue counties. Moderately red counties have better turnout rate increases than strongly red counties. Where did all those votes for Bush come from? The election in Ohio stinks. Badly."

UC Berkeley Data Archive

Home page [49] (report link [50] Summary page PDF)

A large academic paper, with full data provided for verification. Although not formally yet peer reviewed, it has been examined by 7 professors (Source [51])

"...researchers examined numerous variables that might have affected the vote outcome. These included the number of voters, their median income, racial and age makeup and the change in voter turnout between the 2000 and 2004 elections. Using this information, they examined election results for the Republican and Democratic presidential candidates in the state in 1996, 2000 and 2004 to see how support for those candidates and parties measured over eight years in Florida's 67 counties."

They discovered that in the 15 counties using touch-screen voting systems, the number of votes granted to Bush far exceeded the number of votes Bush should have received -- given all of the other variables -- while the number of votes that Bush received in counties using other types of voting equipment lined up perfectly with what the variables would have predicted for those counties. The total number of excessive votes ranged between 130,000 and 260,000, depending on what kind of problem caused the excess votes. The counties most affected by the anomaly were heavily Democratic. "

"Sociology professor Michael Hout, who chairs the university's graduate Sociology and Demography group, said the chance for such a discrepancy to occur was less than 1 in 1,000. 'No matter how many factors and variables we took into consideration, the significant correlation in the votes for President Bush and electronic voting cannot be explained...'"

Executive summary:

1. Because many factors impact voting results, statistical tools are necessary to see the effect of touch-screen voting. Multiple regression analysis is a statistical technique widely used in the social and physical sciences to distinguish the individual effects of many variables. This multiple-regression analysis takes account of the following variables by county: (1) number of voters, (2) median income, (3) Hispanic population, (4) change in voter turnout between 2000 and 2004, (5) support for President Bush in 2000 election, (6) support for Dole in 1996 election...
2. When one controls for these factors, the association between electronic voting and increased support for President Bush is impossible to overlook. The data show with 99.0% certainty that a county’s use of electronic voting is associated with a disproportionate increase in votes for President Bush.

(note - confidence levels are formally tested for significance at a predetermined level, typically 95% or 99%. So 99% would be quoted as the result of confidence testing, as a minimum. That said, the actual confidence figure can be calculated backwards, and when this is done turns out to be closer to 99.9%. Hence the two figures of 99.0% and 99.9% cited in the summary)

Key findings:

1. Irregularities associated with electronic voting machines may have awarded 130,000 excess votes or more to President George W. Bush in Florida.
2. Compared to counties with paper ballots, counties with electronic voting machines were significantly more likely to show increases in support for President Bush between 2000 and 2004. This effect cannot be explained by differences between counties in income, number of voters, change in voter turnout, or size of Hispanic/Latino population.
3. In Broward County alone, President Bush appears to have received approximately 72,000 excess votes.
4. We can be 99.9% sure that these effects are not attributable to chance.

However this study has been strongly criticized by two professors for apparently picking a statistical model that favored a predetermined outcome, despite the fact that other equally valid models produced different results. They construct an equally valid model which shows that electronic voting favored Kerry, to point out that both models are fatally flawed. They conclude that "the study is entirely without merit and its “results” are meaningless.". [52]

Certification of voting machines

blackboxvoting.org obtained information and documents on the certifications performed on two voting machines by Ciber, Inc. (formerly known as 'Metamor'). Source: [53]

The Law

Source: FEC Voting System Standards (Word format)

Certification Authorities:

"The national testing effort is overseen by NASED’s Voting Systems Board, which is composed of election officials and independent technical advisors. NASED has established a process for vendors to submit their equipment to an Independent Test Authority (ITA) for evaluation against the Standards. To date, Wyle Laboratories, Inc., CIBER, Inc., and SysTest Labs are certified by NASED to serve as program ITAs for the testing of hardware and the examination of software."

(At this time, NASED comprises 9 US state or federal election officers, FEC representative, 3 software consultants, and one representative from each of IEEE, Wyle Laboratories, SysTest, and Ciber)

Revised Standards:

"In 1997, NASED briefed the FEC on the necessity for continued FEC involvement, citing the importance of keeping the Standards current in its reflection of modern and emerging technologies employed by voting system vendors."

"Audit Trails - Performance requirements for audit trails are strengthened to address the full range of election management functions..."

"Error rates - errors introduced by the system and not by a voter’s action ... applies to specific system functions, such as recording a vote, storing a vote and consolidating votes into vote totals ... each location where a vote may be entered represents a ballot position ... the Standards set two error rates: Target error rate: a maximum of one error in 10,000,000 ballot positions, and Testing error rate: a maximum acceptable rate in the test process of one error in 500,000 positions ... This system error rate applies to data that is entered into the system in conformance with the applicable instructions..."

"Overall capabilities - ...apply throughout the election process. They include security, accuracy, integrity, system auditability, election management system, vote tabulation, ballot counters, telecommunications, and data retention."

Quality Assurance:

"In the Standards, quality assurance is a vendor function with associated practices that confirms throughout the system development and maintenance life-cycle that a voting system conforms with the Standards and other requirements of state and local jurisdictions."

Test process:

"The qualification test process is intended to discover errors that, should they occur in actual election use, could result in failure to complete election operations in a satisfactory manner."

"The testing process involves the assessment of: (a) Absolute correctness of all ballot processing software, for which no margin for error exists; (b) Operational accuracy in the recording and processing of voting data, as measured by the error rates [above]; ... (c) System performance and function under normal and abnormal conditions."

"System-level qualification tests address the integrated operation of hardware, software (and telecommunications capabilities where applicable) to assess the system’s response to a range of both normal and abnormal conditions in an attempt to compromise the system."

Security overview:

"Security standards - this section describes the essential security capabilities for a voting system, encompassing the system’s hardware, software, communications, and documentation. The requirements of this section recognize that no predefined set of security Standards will address and defeat all conceivable or theoretical threats. However, the Standards articulate requirements to achieve acceptable levels of integrity, reliability, and inviolability. Ultimately, the objectives of the security Standards for voting systems are to:

• Establish and maintain controls that can ensure that accidents, inadvertent mistakes, and errors are minimized;
• Protect the system from intentional manipulation and fraud;
• Protect the system from malicious mischief;
• Identify fraudulent or erroneous changes to the system; and
• Protect secrecy in the voting process.

These Standards are intended to address a broad range of risks to the integrity of a voting system. While it is not possible to identify all potential risks, the Standards identify several types of risk that must be addressed, including:

• Unauthorized changes to system capabilities for defining ballot formats, casting and recording votes, calculating vote totals consistent with defined ballot formats, and reporting vote totals;
• Alteration of voting system audit trails;
• Altering a legitimately cast vote;
• Preventing the recording of a legitimately cast vote,
• Introducing data for a vote not cast by a registered voter;
• Changing calculated vote totals;
• Preventing access to vote data, including individual votes and vote totals, to unauthorized individuals...

Software, Firmware and Telecomms security (Extracts):

The system shall meet the following requirements for installation of software, including hardware with embedded firmware:

• If software is resident in the system as firmware, the vendor shall require and state in the system documentation that every device is to be retested to validate each ROM prior to the start of elections operations;
• To prevent alteration of executable code, no software shall be permanently installed or resident in the system unless the system documentation states that the jurisdiction must provide a secure physical and procedural environment for the storage, handling, preparation, and transportation of the system hardware;
• The system bootstrap, monitor, and device-controller software may be resident permanently as firmware, provided that this firmware has been shown to be inaccessible to activation or control by any means other than by the authorized initiation and execution of the vote-counting program, and its associated exception handlers;
• Voting systems that use telecommunications to communicate between system components and locations are subject to the same security requirements governing access to any other system hardware, software, and data function.
• Voting systems that use electrical or optical transmission of data shall ensure the receipt of valid vote records is verified at the receiving station. This should include standard transmission error detection and correction methods such as checksums or message digest hashes.
• Verification of correct transmission shall occur at the voting system application level and ensure that the correct data is recorded on all relevant components consolidated within the polling place prior to the voter completing casting of his or her ballot.
• Voting systems that use public telecommunications networks may become vulnerable, by virtue of their system components, to external threats to the accuracy and integrity of vote recording, vote counting, and vote consolidation and reporting processes. Therefore, vendors of such systems shall document how they plan to monitor and respond to known threats to which their voting systems are vulnerable.

Security testing procedures:

[ITAs] shall not rely on vendor testing as a substitute for software testing performed by the ITA.

"The ITA shall design and perform test procedures that test the security capabilities of the voting system against the requirements defined in Volume I, Section 6. These procedures shall focus on the ability of the system to detect, prevent, log, and recover from a broad range of security risks as identified in Section 6, and system capabilities and safeguards claimed by the vendor in its TDP [documentation] that go beyond [these] risks and threats..."

"Regardless of system design and risk profile, all systems are tested for effective access control and physical data security"

"The ITAs shall conduct tests to ensure that the system provides the necessary identity-proofing, confidentiality, and integrity of transmitted data. These tests shall be designed to confirm that the system is capable of detecting, logging, preventing, and recovering from types of attacks known at the time the system is submitted for qualification."

"The ITA may meet these testing requirements by confirming proper implementation of proven commercial security software ... [or] at its discretion, the ITA may conduct or simulate attacks on the system to confirm the effectiveness of the system's security capabilities."

"For those access control features built in as components of the voting system [as opposed to external policies], the ITA shall design tests to confirm that these security elements work as specified. Specific activities to be conducted by the ITA shall include ... specific tests designed by the ITA to verify the correct operation of all documented access control procedures and capabilities, including tests designed to circumvent controls provided by the vendor. These tests shall include ... (2) Performing tests intended to bypass or otherwise defeat the resulting security environment. These tests shall include simulation of attempts to physically destroy components of the voting system in order to validate the correct operation of system redundancy and backup capabilities. This review applies to the full scope of system functionality".

"For systems that use telecommunications to transmit official voting data, the ITA shall review, and conduct tests of, the data interception and prevention safeguards specified by the vendor ... The ITA shall evaluate safeguards provided by the vendor to ensure their proper operation, including the proper response to the detection of efforts to monitor data or otherwise compromise the system. For systems that use public communications networks the ITA shall also review the vendor’s documented procedures for maintaining protection against newly discovered external threats..."

Ciber's Certification Report Overview

Statement of purpose:

"The primary purpose of Software Qualification Testing is to demonstrate compliance with levels of design, performance, and quality claimed for them by manufacturers. The tests are also intended to demonstrate that the system meets or exceeds the requirements of the FEC Voting System Standards. The scope and detail of the requirements for qualification have been tailored to the design and complexity of the software submitted by VoteHere for testing. The qualification test procedure is intended to discover defects in software design and system operation which, should they occur in actual election use, could result in failure to complete election operations in a satisfactory manner. The tests have been designed to evaluate system compliance with the requirements of Sections 2 through 6 of the FEC Voting System Standards."

Functional testing and verification scope:

Software verification - "All software (including firmware) for all voting systems shall include measures to prevent access by unauthorized persons and to prevent unauthorized operations by any person..."

(Firmware is the built-in programs (BIOS) of the computer. The job of the BIOS is the fundamental unsupervised control over access to network, hard disk drives, and other built in systems of the computer)

Security and Penetration testing and verification scope:

"The vendor shall provide a penetration analysis relevant to the operating status of the system and its environment. This analysis shall...identify all entry points and the methods of attack to which each is vulnerable ... the penetration analysis ... shall be part of the escrow deposit"

(In contravention of the FEC law above, certification requirements as stated by Ciber do not verify protection against penetration, nor perform any ITA testing of weaknesses, nor independent vulnerability or penetration testing of voting machines by security specialists. In the case of both reports obtained by BBV no such testing was performed)

Cipher Labs Certification of Diebold GEMS 1-18-15

System:

GEMS program, ODBC compliant database, Crystal Reports, ABasic, VCPRogrammer, Java, AccuVote-Optical Scan" running on a Dell P2 and Dell P3 using Windows CF.3.0,8/09102 firmware 4.3.13, and Windows NT 4.0.1381.

Functional tests:

Software testing and verification - "Firmware not reviewed"

Security testing and verification - "Not applicable, not reviewed"

Ciber conclusion:

"The functional testing included testing against the functional, overall system performance, software, security ... and audit requirements as specified in the FEC Voting System Standards ... After completing final functional testing, CIBER concludes that GEMS 1-18-15 meets the functional requirements provided by the FEC ... It has been demonstrated through the TDP review, source code review, and functional testing that the GEMS Software ... successfully meets the required acceptance criteria of the FEC Standards for ... Electronic Voting Systems, January 1990. CIBER recommends to the NASED committee that GEMS ... be certified and assigned NASED certification number N0306001 1815."

Source GEMS Certification report page 1, page 2, page 3, page 4

Cipher Labs Certification of VoteHere Election System 3.0.0.33

System:

VoteHere Election System 3.0.0.7 program running on Linux RedHat 7.1, MySQL 3.23.36, Apache 1.3.12, Mozilla 0.8, CryptoF, 4.1, Libxml 2.2.1I, Zlib 1.1.3, OpenSSL 0.9.5a, STLPort 4.0, Various Active X controls, on a ProLiant ML330e platform.

Functional tests:

Software testing and verification - "Firmware not reviewed"

Security testing and verification - "Not applicable, not reviewed"

Ciber's conclusion at end of this testing:

"After completing final functional testing, CIBER concludes that VoteHere Election System Version 3.0.0.33 meets the functional requirements provided by the FEC ... It has been demonstrated through the TDP review, source code review, and functional testing that the VoteHere Software ... successfully meets the required acceptance criteria of the FEC Standards of January 1990. CIBER recommends to the NASED committee that VoteHere Election System ... be certified and assigned NASED Certification Number N03080030033."

Source VoteHere Certification report

BlackBoxVoting.org investigations

Diebold Security and internal email investigation

Source for section: blackboxvoting.org

1. "How to hack a Diebold voting machine (1)" ([54])

   "...Therefore, when I found that Diebold Election Systems had been storing 40,000 of its files on an open web site, an obscure site, never revealed to public interest groups, but generally known among election industry insiders, and available to any hacker with a laptop, I looked at the files. Having a so-called security-conscious voting machine manufacturer store sensitive files on an unprotected public web site, allowing anonymous access, was bad enough, but when I saw what was in the files my hair turned gray..."

   "The contents of these files amounted to a virtual handbook for vote-tampering: They contained diagrams of remote communications setups, passwords, encryption keys, source code, user manuals, testing protocols, and simulators, as well as files loaded with votes and voting machine software."

   (Article goes on to show step by step with screen images, the ease with which it is possible to change the admin password on a voting machine, alter the audit trail, change voting data, etc)

2. "How to hack a Diebold voting machine (2)" ([55])

   Bev Harris - "...Specifically the flaw was that you can get at the centralvote-counting database through Microsoft Access. They have the security disabled. And when you get in that way, you are able to overwrite the audit log ... and this is one of the key things they cite as a security measure when they sell the system."

   "...the Internet does connect to these GEMS computers, even though they deny it. A lot of the press watches election results come in on the Web and what they're watching is actually being uploaded directly off the GEMS computer ... they make a big point of the fact that there's no Internet connection to the voting machine, but that's sort of passing the issue. That's true, in the polling places there's no Internet connection, but the voting machines connect into the GEMS machine through modem ... [and also] the GEMS machine then connects to the Internet..."

3. "How to hack a Diebold voting machine (3)" (same source)

   "...the GEMS program [has no] referential integrity ... I got a call from one of our more brilliant computer programmers ... he said, "I want you to go to your computer." And he walked me through it just like a support tech does ... it was appalling how easy it was. Once you know the steps, a 10-year-old can rig an election. In fact it's so easy that one of our activists, Jim March in California, put together a "rig-a-vote" CD. He's been going around showing it to elections officials, and now this CD has been making its way to Congress members ... All you do is double-click the icon ... and if you have Microsoft Access on your machine you can walk right into that election database while it's open ... You can be in there changing things and you can change anything you want." - There's nothing, no security in this? - "No ... in the memo, [Ken Clark, an engineer at Diebold] named two places where they were doing this, Gaston County, N.C., and King County, Wash."

4. In a public records request to the Elections Board dated November 2, 2004 Bev Harris [56] summarises the security on Diebold's central voting servers:

   All Diebold central voting servers are "...installed on unpatched, open Windows computers and use RAS (Remote Access Server) to connect to the voting machines through telephone lines. Since RAS is not adequately protected, anyone in the world, even terrorists, who can figure out the server's phone number can change vote totals without being detected by observers. The passwords in many locations are easily guessed, and the access phone numbers can be learned through social engineering or war dialing. Under some configurations, attacks by remote access are possible even if the modem appears to be turned off."

5. As noted here, RAS gives any external PC a high degree of control and trust, and permit access to and manipulation of files; Diebold support technicians (emails cited in source) have this ability and knowledge of the dial-up numbers and passwords required to do so. In addition, "everyone just logs in as user admin" according to another email in the same document, ie Diebold technicians all know and use the master password.
6. Diebold prevented certification of a customised version of Windows.

   Email from Talbot Iredale, head of Diebold’s technical team Source -- We do not want to get Wyle reviewing and certifying the operating systems. Therefore can we keep to a minimum the references to the WinCE 3.0 operating system." (WinCE is a highly customised manufacturers' version of Windows, intended for embedded use. Only non-customised "out of the box" systems can avoid certification)

7. The Washington voting system which lost 3 hours of audit trail is referred to earlier:

   Report here, audit log copy here, summary reports signed with date and time by King County elections chief now found to be missing from audit log here.

   (The audit log is a computer-generated automatic record similar to the "black box" in an airplane, that automatically records access to the Diebold central tabulator. The central tabulator audit log is an Federally (FEC) required security feature. The kinds of things it detects are the kinds of things you might see if someone was tampering with the votes: Opening the vote file, previewing and/or printing interim results, altering candidate definitions - a method that can be used to flip votes)

   Three hours between 9:52 pm and 1:31 am is missing altogether from the Sept. 14 2004 Washington State primary, King Co. WA. During this period, 4 summary reports were produced, each of which should have appeared in the audit log if complete and correct. According to King County records the log was complete, and as the article points out, "The audit log is 168 pages long and spans 120 days, and the 3 hours just happen to be missing during the most critical three hours on election night."

   A 2001 internal memo at the manufacturers cited below is referring to a vote or audit or similar database held on a voting machine when it says:

   "Jane ... did some fancy footwork on the .mdb file in Gaston recently. I know our dealers do it. King County is famous for it. That's why we've never put a password on the file before."

8. According to blackboxvoting, "Diebold's own internal memos show they have known the audit log could be altered since 2001"

   Diebold internal email memos:

From: owner-support@gesn.com On Behalf Of Nel Finberg
Sent: Tuesday, October 16, 2001 11:32 PM
Subject: alteration of Audit Log in Access
 
Jennifer Price at Metamor (about to be Ciber) has indicated that
she can access the GEMS Access database and alter the Audit log
without entering a password.  What is the position of our development
staff on this issue?  Can we justify this?  Or should this be anathema?

To: <support@gesn.com> 
Subject: RE: alteration of Audit Log in Access 
From: "Ken Clark" <ken@gesn.com> 
Date: Thu, 18 Oct 2001 09:55:02 -0700 
In-reply-to: <ODEFIJCCLAAIGHHAOEJIKECACCAA.nfglobal@earthlink.net> 

...Its a tough question, and it has a lot to do with perception. 
Of course everyone knows perception is reality...

I've threatened to put a password on the .mdb before when
dealers/customers/support have done stupid things with the GEMS 
database structure using Access.  Being able to end-run the database 
has admittedly got people out of a bind though.  Jane (I think it was
Jane) did some fancy footwork on the .mdb file in Gaston recently.  
I know our dealers do it.  King County is famous for it.  That's why
we've never put a password on the file before.

Note however that even if we put a password on the file, it doesn't 
really prove much.  Someone has to know the password, else how 
would GEMS open it.  So this technically brings us back to square one:  
the audit log is modifiable by that person at least (read, me).  Back to 
perception though, if you don't bring this up you might skate through
Metamor.

There might be some clever crypto techniques to make it even harder
to change the log ... We're talking big changes here though, and at the 
moment largely theoretical ones.  I'd doubt that any of our competitors 
are that clever. Bottom line on Metamor is to find out what it is going 
to take to make them happy.  You can try the old standard of the NT 
password gains access to the operating system, and that after that point 
all bets are off...

I sense a loosing battle here though.  The changes to put a password on
the .mdb file are not trivial and probably not even backward compatible, 
but we'll do it if that is what it is going to take.

Followup

• No enhancement took place, as Ciber signed off security on the system as presented;
• King County suffered an audit trail loss for 3 hours in the September primary election.
• BBV comment [57]:

"Ken tells a co-worker to convince the Federal Independent Testing Authority that WindowsNT security will be adequate, when he KNEW that “everyone just logs in as user admin password global” per an earlier email..."

"Black Box Voting has taken the position that fraud took place in the 2004 election through electronic voting machines. We base this on hard evidence, documents obtained in public records requests, inside information, and other data indicative of manipulation of electronic voting systems. What we do not know is the specific scope of the fraud. We are working now to compile the proof, based not on soft evidence -- red flags, exit polls -- but core documents obtained by Black Box Voting in the most massive Freedom of Information action [3000 requests] in history." [58]

Volusia County Fraud Investigation

"TUESDAY NOV 16 2004: Volusia County election records just got put on lockdown -- Dueling lawyers, election officials gnashing teeth, votergate.tv film crew catching it all. Poll tape discrepancies, stonewalling" blackboxvoting.org's arrival in Volusia County for the purpose of investigating election fraud has been documented here and in more detail here.

Summary of incident:

BBV attended Volusia County. They were given (under pressure) duplicate copies of voting records purporting to be as the originals but not signed by any official and without the official signatures from the election. During the return visit the next morning, they arrived well in advance of the meeting. The following incidents are reported to have taken place:

• A trash bag in the porch of the warehouse was opened (against some official's "tug of war"). It was found to contain official voting records, some with up to 6 or 8 signatures, and blank ballot forms.
• The records supplied by the County officials to BBV under Freedom of Information requests, which had been printed the day before without signatures and purported to be complete copies, were checked against these originals, and differed from the original voting records. Some tapes were found to have been omitted or removed. Votes according to the tapes which had been supplied as "official records" were found to be in some cases hundreds of votes more in favour of Mr Bush than the original records. "The pattern was very clear. The anomalies favored George W. Bush. Every single time."
• During the search, "A Volusia employee boxed up some items from an office containing Lana Hires' desk [a senior employee], which appeared to contain - you guessed it - polling place tapes. The employee took them to the back of the building - and disappeared." Official election records including signed election tapes were later found in the election office dumpster.
• BBV decided to explored the contents of official trash and bags designated for shredding. Official voting tapes verified by up to 6 signatures were found, designated for shredding.
• The tapes in the official garbage designated for shredding contained more discrepancies, as well as at least one of the missing tapes sought earlier.
• In the Volusia offices, Diebold memory cards and computer equipment were "scattered around unsecured in any way".

Source here filmed by votergate.tv

(Sidenote - Volusia FL. was also the county at the heart of the single biggest identified suspect Voting Machine anomaly in Florida 2000 - see below)

TUESDAY NOV 23 2004

Black Box Voting report that a lawsuit has now been filed in Volusia County, Florida to set aside that county's 2004 general election. Susan Rose Pynchon vs. Volusia County Canvassing Board and Ann McFall

Similar anomalies in recent history

The exploitation of security vulnerabilities in voting machines so as to change the outcome of elections has been alleged in a number of elections for the last decade. After the 2004 Presidential election, a paper by UC Berkeley sociology professor Michael Hout and three of his graduate students concluded "No matter how many factors and variables we took into consideration ... the data show with 99.0% certainty that a county's use of electronic voting is associated with a disproportionate increase in votes for President Bush". This study has been strongly criticized by 2 other professors, who say that it picked a statistical model that favored a predetermined outcome, although other valid models produced opposite results. [59]

Volusia, Florida 2000

""If you strip away the partisan rancor over the 2000 election, you are left with the undeniable fact that a presidential candidate conceded the election to his opponent based on [results from] a second card that mysteriously appears, subtracts 16,022 votes, then just as mysteriously disappears."

- Bev Harris, "Black Box Voting in the 21st Century", chapter 11, Florida 2000 election.

A "faulty memory card" was cited as the cause by the manufacturer. Experts and Diebold's own technical staff dismissed this as implausible for substansively the same reasons cited by the author:

"A memory card is like a floppy disk. If you have worked with computers for any length of time you will know that a disk can go bad. When it does, which of the following is most likely? In an Excel spreadsheet that you saved on a 'bad disk,' might it read a column of numbers correct the first time: '1005, 2109, 3000, 450...' but the second time, replace the numbers like this: '1005, 2109, -16022, 450...' Or is it more likely that the 'bad disk' will ... fail to read the file at all, crash your computer, give you an error message, or make weird humming and whirring noises."'

Diebold internal emails:

    Ken Clark (Diebold ES R&D Manager) – January 18, 2001 1:41 PM
"My understanding is that the card was not corrupt after (or before) upload. 
They fixed the problem by clearing the precinct and re-uploading the same card. 
So neither of these explainations washes. That's not to say I have any idea what 
actually happened, its just not either of those ... The problem is its going to be
very hard to collect enough data to really know what happened. The card isn't
corrupt so we can't post-mortem it (its not mort)."

    John McLaurin - Diebold ES - 18 Jan 2001 15:44:50
"...the negative numbers ... occurred when Lana attempted to reupload a card or
duplicate card. Sophia and Tab may be able to shed some light here, keeping in
mind that the boogie man may me reading our mail. Do we know how this could occur?"

    Tab Iredale - Diebold ES - 18 Jan 2001 13:31
The problem precinct had two memory cards uploaded ... on the same port approx.
1 hour apart. As far as I know there should only have been one memory card uploaded.
I asked you to check this out when the problem first occurred but have not heard back
as to whether this is true. Given that we transfer data in ascii form not binary and
given the way the data was 'invalid' the error could not have occurred during transmission.
Therefore the error could only occur in one of four ways: 
...
[4] There is always the possiblity that the 'second memory card' or 'second upload'
came from an un-authorised source.

    John McLaurin – Diebold ES - Thu, 18 Jan 2001 16:56:06
I will be visiting with Lana on Monday and will ascertain the particulars related
to the second memory card. One concern I’ve had all along is 'if' we are getting
the full story from Lana.

("Lana" is Lana Hires, the Volusia election employee described by Blackboxvoting as "particularly unhappy about seeing the Black Box Voting investigators in the office" in Nov 2004, described by BBV as having initially rejected their request to visit the warehouse containing election voting data, and "ordered them out")

BBV summary of Diebold memo's:

"What we know from the memos can be summarised as follows...

• Two memory cards were uploaded from Volusia Couny's precinct 216, the second one was loaded sometime close to 2am in the morning. It automatically replaced the first card's results and reduced Gore's total by 16,022 votes and added several thousand votes to Bush plus a variety of minor candidates;
• Both memory cards loaded into the system clean and without errors, indicating (contrary to the official line) that they were not faulty;
• After the error was noticed the original card was reloaded and the mistake was rectified;
• The error was introduced in such a way that the total number of votes remained unchanged (again something that could not happen by chance);
• According to the technical boffins, the chance of the memory card being corrupted and still passing the checksum error test are less than 60,000 to 1;
• The technical managers at Diebold Election Systems considered it a reasonable possibility that the second card was part of deliberate conspiracy to rig the election results."

Impact of errors on Presidential election:

"2:09 AM - VNS adds Volusia County's erroneous numbers to its tabulated vote. With 171 out of 172 precincts in the county reporting, Gore's vote drops by more than 10,000 while Bush's rises by almost the same amount. This 20,000-vote change in one county increases Bush's VNS statewide lead to more than 51,000 votes. source"

"What the news networks, and the Al Gore, camp do not realise at this point in the evening is that over 20,000 of votes that make up this significant lead are attributable to two Diebold Election Systems computer errors. First there are the 16,022 votes stolen from Gore in Volusia County by the "faulty memory card". Meanwhile over in Brevard County another error - also involving Global Elections System (the predecessor of Diebold) equipment is responsible for a further 4000 votes being lopped off the Gore total. And it is also worth noting that nobody knows whether the Brevard and Volusia County errors were the only ones in play at this time. These errors were both big ones."

"At 2.17am and 2.20am the remaining two major networks CBS and ABC called the race to Bush. Their decision continued to be bolstered by the VNS data stream - which even at 2.47am - was still recording a margin to Bush of close to 50,000 votes. Remarkably it was not till 2.51am that VNS fixed the Volusia error in its data. Meanwhile with all the networks showing the race for the White House won by Bush, the pressure is mounting on Gore to concede."

(Source: [60])

"Al Gore happened to be in the staff room on the seventh floor when the votes spiked up in Bush's favor. Dressed casually, the vice president was watching television while lying on the floor, with his chin propped up in his hands. As a result of the Volusia votes, Fox News called Florida—and the presidency—for Bush at 2:16 a.m. CBS and NBC followed suit a minute later and ABC came in at 2:20 a.m. ... A moment later [Al Gore] told members of his campaign that he was ready to concede the election to Bush, which he did several minutes later over the telephone. Unwilling to take the television networks reports at face value, one of Gore’s campaign staffers did a little investigating and discovered that the networks erred in stating that 50,000 votes from Volusia County were cast for Bush. Turns out that Gore was ahead by 13,000 votes in Volusia and trailing Bush by 6,000 votes overall ... Gore was traveling in a motorcade en route to deliver a concession speech to his supporters. His staff stopped him."

- Jeffrey Toobin, "Too Close to Call"

In its internal investigation the CBS inquiry team found the two Diebold County level errors, Volusia and Brevard, were conclusive in their networks decision to call the race to Bush. "The mistakes ... were critical, since there were only about 3 percent of the state's precincts outstanding at this time. They incorrectly increased Bush's lead in the tabulated vote from about 27,000 to more than 51,000. Had it not been for these errors, the CBS News call for Bush at 2:17:52 AM would not have been made."

(Main source for this section including emails and impact: [61], summarising Bev Harris' report in "Black Box Voting")

Voter suppression and racial discrimination, Florida 2000

Source for this section globalresearch.ca, written July 2003:

To understand how George W. Bush will win the next presidential election, it helps to understand how he won the last one. While all public attention rested on hanging chads, butterfly ballots and a skewed recount in the wake of the 2000 Presidential election, the root of the problem has been overlooked. As investigative reporter Greg Palast uncovered, the state of Florida purged over 90,000 people from their list of eligible voters under the guise that they were felons. In fact, almost none of the disenfranchised voters were felons...but almost all were blacks or democrats.

Palast's investigation revealed that at the heart of this ethnic cleansing of voter lists was the creation of a new centralized database for the state of Florida. In 1999, the state fired the company they were paying to compile their "scrub" lists and gave the job to Database Technologies (DBT, now ChoicePoint). DBT, a private firm known to have strong Republican ties was paid $2.3 million to do the same job that had previously been done for $5,700.

The first list of felons from DBT included 8,000 names of felons from Texas supplied by George Bush's state officials. The state government said they were all felons, and thus barred from voting under federal law. Local officials complained about the list and DBT issued a new one, this time naming 58,000 felons. Palast discovered that the one county that went through the process of checking the new list name by name found it was 95% wrong ... Florida voters whose names were similar to out-of-state felons were barred from voting.

DBT didn't get names, birthdays or social security numbers right, but they were matched for race, so a felon named Joe Green only knocked off a black Joe Green, but not a white person with the same name. There was no need to guess about the race of the disenfranchised: a voter's race is listed next to his or her name in many Southern states including Florida because racial ID is required by the Voting Rights Act of 1965.

DBT's fee of $2.3 million was supposed to include verification that the individuals on their list were actually felons, but Palast's investigation showed that DBT could not provide any evidence that they made a single phone call to verify the identity of the names scrubbed prior to the 2000 Presidential Election.

Unfortunately, nothing is preventing this purge from taking place again on a national scale ... Martin Luther King III and Greg Palast recently co-authored a piece on the dangers of such databases, recalling the Florida debacle. Their conclusion: "Jim Crow has moved into cyberspace -- harder to detect, craftier in operation, shifting shape into the electronic guardian of a new electoral segregation."

Riverside County CA., March 2004 Primary (litigation)

Source [62] (Currently in appeal):

"...Experts said the company designed the machines and software so that vote totals could easily be altered without leaving a trace. Losing candidates in one race charged that when the computer acted up on election night, a CES employee inserted control cards into the machine. The plaintiffs sued to retrieve the source code, and the court, for once, consented. When computer experts examined the software, they determined that CES had changed the computer's instructions for tallying votes on election night. But because the program lacked adequate auditing mechanisms to track the nature of those changes, no one could determine if the company had rigged the election."

"...There were also eyewitness reports that on election night Townsend had halted vote counting for a period of time and allowed employees of the voting machine company, Sequoia Voting Systems, to access the computer containing the counting software. Townsend refused to hand over the audit logs and memory cartridges, saying they were irrelevant to a recount. This was strange because Townsend had been telling e-voting critics for the past year that voters shouldn't worry about the security of touch-screen machines because they stored three redundant versions of votes which could always be examined in a recount."'

Riverside County's official observers describe the observation process permitted to them:

• According to programmer Jeremiah Akin, one of the leading voting integrity advocates focusing on Sequoia Voting Systems, the process of observation was a "sham".
• "They allowed only one person in the room. I was told to stand between two tape marks," he said.
• Akin asked Riverside to demonstrate that the cartridges were empty before Riverside transferred results for Soubirous' election onto them. Riverside refused to demonstrate that the cards were not preloaded with data, saying it would take too long. Riverside then responded that he was not allowed to ask questions.
• Then Akin attempted to watch the data transfer process -- but the county had positioned the computers so that the backs were facing the person standing in the taped area, so he could not view the screens.
• Akin was not able to see most of the screens at all. He did glimpse a portion of one screen, with glare from the lights on it, making it difficult to see. What Akin did manage to see on the screen was curious: They were transferring from the touch-screen voting machines to a pair of laptops, to a "Z" drive, a designation typically reserved for networks. If data was transferring through a network, anyone could be anywhere -- including in another room -- superimposing their own information onto the data.
• It was not possible to track the data by following the cartridge through the process. Cartridges were pulled, stacked, mixed around, put out of eyesight, and uploaded onto computers whose screens could not be observed.
• When allowing other observers to enter, the original observer was told to leave the room, leaving the process unobserved for a portion of time.
• The next observer was then allowed to stand in between tape marks, stare at backs of computers, and ask no questions...

ElectionGuardians.org reports that a week after the Riverside March 2004 primary, it was discovered that "in at least three precincts around the Coachella Valley, the Sequoia Pacific touchscreen voting machines were sitting around in unlocked rooms, easily accessible by the public":

• $80,000 of equipment sitting around in:
  • A clubhouse, accessible to anyone walking down the street in Cathedral City,
  • The senior center, again open to the public,
  • The drama room of a high school, with students and others coming and going.
• The machines were on carts which could be easily wheeled out of the room for privacy.
• The drama room was accessible to students and adults every day after the election. Photographs taken 6pm Monday evening, door was unlocked and openly accessible by any person.

Comment by Riverside county official Townsend during meeting to discuss the above and head off law suits:

"...she actually came right out and said: 'You need to trust me; I took an oath to the government'."

Dr Mercuri credentials and testimony of machine failure and irregularities in respect of Riverside irregularities:

"I have a copy of a videotape filmed at the warehouse after the election, showing numerous machines registering votes to some candidates when certain other candidates were selected. In another instance (that occurred in November 2000) brand new Sequoia DRE machines in North Brunswick, New Jersey registered zero votes for major party candidates in a local race. When the manufacturer was questioned about why their supposedly “fail-safe” system failed, the company representative indicated that votes were not “lost” - rather that votes were not “cast” - a semantic distinction that certainly has Equal Protection ramifications. Most recently, in a runoff primary election with only two candidates in Palm Beach, Florida, Sequoia machines registered no selection in 2.3% of the ballots cast (or attempted to be cast). In some precincts, the “no vote recorded” rate was as high as 10%. This matter is currently being litigated, and here again, the manufacturer has yet to provide any explanation for the failure to record votes, or the failure to detect and shut-down defective machinery (as per their own product specification claims)"

Georgia 2002

Sources [63] and [64]:

In 2002, voters used new electronic systems to throw out a popular incumbent governor and a serving US senator, both Democrats, in favour of little-known Republican opponents. Polls right up to the election indicated that both Democrats would be re-elected comfortably, the tally on election night showed massive swings against them of up to 12-16%. The explanation, according to the winners, was that rural voters came out in force, but later analysis indicated that no more voters than normal came to the polls that day (source 1) and that there was no major demographic shift (source 2).

This was the first Republican elected Govenor of Georgia for 134 years, with a massive swing that pollsters were at a loss to explain, took place in an election based upon Diebold touch-screen voting systems that had just been sold to the state. Afterwards it emerged that Diebold software engineers had changed the programming in the state's machines "at least seven times" leading up to the election.

Before any investigation was possible, Diebold workers had already "formatted the memory flash cards from the state's voting machines, making any examination of the electoral record ... impossible".

Other

• Source globalresearch.ca 2003
  • A former news reporter in Florida discovered that votes were being tabulated in 644 Palm Beach precincts, but Palm Beach only has 643 precincts.
  • An earlier court case in Florida found the same discrepancy. A reporter in New Jersey observed 104 precincts with votes in an area that has only 102 precincts.
  • Baldwin County results showed that Democrat Don Siegelman won the state of Alabama. However, the next morning, 6,300 of Siegelman's votes disappeared and the election was handed to Republican Bob Riley. A recount was requested and denied.
  • In North Carolina, a software programming error caused vote-counting machines to skip over several thousand votes, both Republican and Democratic. Fixing the error turned up 5,500 more votes and reversed the election.
  • In Comal County Texas, an uncanny coincidence resulted in three Republican candidates winning by exactly 18,181 votes each. Two other Republican candidates outside Texas also won by exactly 18,181 votes.
    • • Same incident, Wired News added extra information: "... a former worker in Diebold's Georgia warehouse says the company installed 'patches' [it is neither confirmed what the actual software was nor what it did] on its machine before the state's 2002 gubernatorial election that were never certified by independent testing authorities or cleared with Georgia election officials. Questions were raised in Texas when three Republican candidates in Comal County each received exactly the same number of votes - 18,181." [65]
• Congressman Tom Feeney (R), Speaker of the House of Florida, lobbyist for Yang Enterprises and accused by Clint Curtis of contracting Yang to produce illegal software (see Clint Curtis affidavit), was investigated in 2002 for unethical practices on behalf of Yang. He was cleared of those charges, but statements he made to the Ethics Commission have been proven untrue.

"Despite repeated claims that he never used his influence to benefit his client, House Speaker Tom Feeney arranged at least one meeting between state officials and an Oviedo computer firm that was having trouble with its state contract. E-mails obtained by The Daytona Beach News-Journal through the state's public records law contradict statements made by the Oviedo Republican to the state Ethics Commission, which cleared him of ethical missteps surrounding his ties to his client, Yang Enterprises." [66]

Expert testimony on quality of current voting machines

Dr. Professor Avi Rubin

Testimony of Dr. Aviel D. Rubin to U.S. Federal Election Assistance Commission, on Electronic Voting Systems, May 2004:

(Witness credentials: Professor of Computer Science, Technical Director of the Information Security Institute at Johns Hopkins University, served on SERVE security peer review group for Dept. of Defense, member of National Committee on Voting Integrity, Secure Systems Research Department at AT&T (cryptography, computer and internet security) [67], 2004 election judge in local county)

• There is no way for voters to verify that their votes were recorded correctly.
• There is no way to publicly count the votes.
• In the case of a controversial election, meaningful recounts are impossible.
• With respect to the Diebold Accuvote TS and TSx, we found gross design and programming errors, as outlined in our attached report. The current certification process resulted in these machines being approved for use and being used in elections.
• We do not know if the machines from other vendors are as bad as the Diebold ones because they have not made their systems available for analysis.

"On the spectrum of terrible to very good, we are sitting at terrible. Not only have the vendors not implemented security safeguards that are possible, they have not even correctly implemented the ones that are easy. If I had more time I would debunk the myth of the security of the so-called triple redundancy in the Diebold machines. I would explain the limitations of logic and accuracy testing in an adversarial setting, I would explain how easy it would be for a malicious programmer to rig the election with today's DREs [voting machines], and I would describe the seriousness of the security flaws that we and others have found in the Diebold machines. These are all things that I could have done and would have been happy to do, before anybody started purchasing and using these DREs. But nobody asked."

"Since our study came out, three other major studies ... all cited serious security vulnerabilities in DREs. RABA, which is closely allied with the National Security Agency, called for a "pervasive rewrite" of Diebold's code. Yet, the vendors, and many election officials ... continue to insist that the machines are perfectly secure. I cannot fathom the basis for their claims. I do not know of a single computer security expert who would testify that these machines are secure. I personally know dozens of computer security experts who would testify that they are not." (Source: [68])

Dr. Professor Rebecca Mercuri