California “Hack” Test Stalled As Diebold Certification Derails
Black Box Voting
BREAKING – Dec. 20, 2005: California Secretary of State Bruce McPherson has laid a subtle and elegant trap. Today, California threw Diebold Election Systems’ pending certification into a tailspin, using Machiavellian logic designed to cast doubt on the federal testing lab process, the upcoming HAVA deadline and Diebold voting systems simultaneously (while standing neatly aside to watch the house of cards collapse).
This move follows on the heels of a devastating hack demonstration by Harri Hursti sponsored by Black Box Voting, which took place in Leon County, Florida on Dec. 13. This hack manipulated memory cards by exploiting design defects and Diebold’s customized “AccuBasic” program code.
Here’s how the California trap works: In a terse letter to Diebold, State elections chief Caren Daniels-Meade writes, “Unresolved significant security concerns exist with respect to the memory card used to program and configure the AccuVote-OS [optical scan] and the AccuVote-TSX [touch-screen] components of this system because this component was not subjected to federal source code review and evaluation by the Independent Testing Authorities (ITA) who examined your system for federal qualification. It is the Secretary of State’s position that the source code for the AccuBasic code on these cards, as well as for the AccuBasic interpreter that interprets this code, should have been federally reviewed.
“…we are requesting that you submit the source code relating to the AccuBasic code on the memory cards and the AccuBasic interpreter to the ITA for immediate evaluation. We require this additional review before proceeding with further consideration of your application for certification in California.”
And herein lies the trap. Federal testing authorities are supposed to rely on standards set by the Federal Election Commission. The FEC standards prohibit “Interpreted code” – thus, the AccuBasic “interpreter” is illegal. (The entire AccuBasic source code tree is written in a home-brewed language that Diebold programmers made up themselves, making it more difficult for certifiers to examine.)
The Hursti memory card attack demonstrated in Leon County, Florida manipulated the voting system by passing code through -- drum roll please -- the Diebold interpreter, using a set of programs called AccuBasic which was written in a concocted computer language and (now it is revealed) was never examined at all by federal testing labs.
The ITA dilemma: ITAs have the choice of either recommending code that explicitly violates FEC standards (placing an unsupportable liability burden on them) or admitting that the original certification was defective. If the ITAs retract their recommendation, it will effectively strip Diebold of its federal certification, and may also affect its older products.
The Diebold dilemma: Diebold can refuse to submit its code to the ITAs, but that will lose the state of California, continuing a pattern initiated last week when two Florida counties dumped their Diebold machines. Alternatively, Diebold can submit its code and watch as the federal authorities sever their product line from the U.S. market.
The position is made more unstable because Diebold is now fending off stockholder suits by an armload of attorneys piling on to solicit clients for a voting machine-related securities fraud lawsuit.
California Secretary of State letters to Diebold Election Systems:
Something terribly wrong has happened here.
American citizens have been commenting on the unacceptable performance of the ITAs since before Black Box Voting was incorporated in 2004.
In November 2002, Dan Spillane (a former senior test engineer for VoteHere) met with Black Box Voting founder Bev Harris.
“It’s a house of cards,” he said, showing her stacks of bogus ITA reports. “The bottom card is the certification process.” Spillane says he flagged more than 250 system integrity errors in the touch-screen system he evaluated, yet the system passed every level of certification. He was terminated by VoteHere, he sued, and the case was settled by VoteHere with details kept confidential.
Here are writings by computer programmer Jim March on this subject: "The Federal testing process was subverted multiple times by Diebold staff…we’re going to need to study the Federal certification process, in public." http://www.equalccw.com/lewisdeconstructed.pdf (Date 9/23/2003; Jim March)
Bev Harris’s book, Black Box Voting, took the ITAs, NASED and the state examiners to task: http://www.blackboxvoting.org/bbv_chapter-6.pdf (Date 10/10/2003; Bev Harris). Harris published interviews with state voting machine examiners exposing slipshod state certification that relies on the flawed premise of strong federal certification: http://www.blackboxvoting.org/bbv_chapter-9.pdf (Date 10/15/2003)
Riverside (Calif.) computer programmer Jeremiah Akin writes of ITA failure during testing of Sequoia voting software: "Failure of certification process to catch major security flaws in software:…Riverside has run elections on software that was later found to contain major security vulnerabilities that were not spotted in the certification process." http://www.exit.com/RiversideVoteTest/letters/response_to_mudslinging.pdf (Date 2/29/2004; Jeremiah Akin)
Black Box Voting published ITA reports from Ciber Labs for Diebold showing that “penetration tests” (security evaluations) were marked “not applicable” and “not tested.” http://www.bbvdocs.org/general/ciber-reports.zip (Date: Oct. 17, 2004; Black Box Voting, Inc.)
Susan Pynchon, an ordinary citizen who now runs the Florida Fair Elections Coalition, wrote this analysis demonstrating a breakdown in Florida's state certification process: http://www.bbvdocs.org/general/FFECreport.pdf (Date July 11, 2005; Susan Pynchon)
Ordinary citizens led this investigation, gathering momentum and evidence nationwide, resulting in the Thompson and Hursti security tests in Florida, culminating in the California Secretary of State ordering Diebold and federal testing labs to go clean up their room (while neatly diverting attention from state-level certification failures).
And now, a word from one of our forefathers:
"There is only one force in the nation that can be depended upon to keep the government pure and the governors honest, and that is the people themselves. They alone, if well informed, are capable of preventing the corruption of power, and of restoring the nation to its rightful course if it should go astray. They alone are the safest depository of the ultimate powers of government."
-- Thomas Jefferson
Black Box Voting is a nonpartisan, nonprofit 501(c)(3) elections watchdog group supported entirely by citizen donations. To support our work, go to http://www.blackboxvoting.org/donate.html or mail to 330 SW 43rd St Suite K PMB 547 Renton WA 98055