Voting System Examiners Blocked From Disclosure?
Voting System Examiners Blocked From Telling What They Know?
Original URL (With Discussion)
Voting system examiners in several states have reportedly been prohibited from revealing voting system flaws to the public due to nondisclosure agreements they signed with the vendors.
With the future of democracy is at stake, just what agreements were signed by examiners like Steve Freeman (CA), Brit Williams (GA, MD, VA), Paul Craft (FL), Doug Jones (IA), and David Jefferson (CA)?
Black Box Voting has learned that vendors have been requiring nondisclosures to block release of information of critical importance to the public. Secretaries of state have failed to protect their voting system examiners, reportedly requiring administrative rules that prevent proper analysis and evaluation of voting systems by state examiners.
Black Box Voting has filed public records requests to obtain all nondisclosure agreements signed by Paul Craft, David Drury, David Jefferson, Steve Freeman, Doug Jones, Brit Williams, Merle King, and Michael Shamos.
We have already obtained one of the Diebold nondisclosure requirements. Diebold attempts to block everything that should be revealed -- even if the contractor is served with a subpoena or court order!
Black Box Voting is investigating the following issues:
1) Whether voting system examiners have been provided with indemnification. Failure to provide indemnification allows the vendor to sue the examiner for damages if the examiner happens to discover or expose something harmful to the vendor.
2) Whether voting system examiners were protected by their secretaries of state. It appears that secretaries of state have left it to the scientists who examine voting software to negotiate their own terms of engagement with vendors. Some scientists, who understandably are not experts in intellectual property law, have signed the agreements provided by vendor attorneys. These agreements can later prove to be unduly restrictive, preventing the examiner from revealing what he knows even to the secretary of state.
3) Whether state voting system examiners were prohibited from examining the testing reports provided by Ciber and Wyle, the federal testing labs. Documents provided to Black Box Voting by Joan Quinn, a citizen in Sacramento, Calif., indicate that California examiner Steve Freeman may not have had access to key portions of the federal testing reports when examining voting systems for the state of California.
4) Whether examiners were prohibited from examining the source code and/or testing the equipment themselves.
5) Whether examiners were prohibited from asking the vendors follow up questions by rules or administrative procedures .
6) Whether examiners were ever prohibited by rules or administrative procedures from communicating with others on voting system panels or certification boards during deliberations over certification recommendations, or during/after voting system examinations.
7) Whether examiners are ever allowed to examine escrowed information -- source code and/or "penetration analysis"?
Black Box Voting has requested copies of the rules, escrow procedures, and any indemnifications, nondisclosures or administrative procedures that apply to the certification, examination and deliberation process in Florida, Pennsylvania, Georgia, California, and Iowa.
Please do not limit these important inquiries to Black Box Voting efforts
- Citizens are urged to gather evidence independently of Black Box Voting, through Freedom of Information and public records requests, to determine exactly what procedures, nondisclosures, restrictions, rules and guidelines are in place for each state's voting system examiners and certifiers.
- State senators and legislators, especially in the above-named states, are urged to launch formal hearings, with subpoena power and witnesses under oath, to investigate exactly what restrictions were placed on voting machine examiners by vendors and secretaries of state.
Another breakdown in voter protection
Bruce Sims of San Diego, Calif. caught this problem:
According to 1990 FEC standards section 5.3, "Access Control", voting machine manufacturers are required to provide federal testing labs with a "penetration analysis" (hacking analysis). Did Diebold, Sequoia and ES&S provide this to testing labs?
If so, why didn't the labs identify the massive Diebold holes exploited by a Finnish security expert in the 2005 Black Box Voting "Harri Hursti" projects, and by Dr. Herbert Thompson and Black Box Voting with the Diebold GEMS central tabulator, and by Jeremiah Akin with the Sequoia WinEDS central tabulator?
"All software (including firmware) for all voting systems SHALL incorporate measures to prevent ... unauthorized operations by ANY PERSON. Unauthorized operations include, but are not limited to: MODIFICATION OF COMPILED OR INTERPRETED CODE..."
This is exactly the "unauthorized operation" that Hursti performed in Leon County on May 26 and Dec 13 2005 in the Black Box Voting projects. Thompson's Visual Basic GEMS hack was also an "unauthorized operation" of the code, and the alterations in the Sequoia WinEDS code demonstrated by Jeremiah Akin are also "unauthorized operations."
When public officials and vendors explain to you that these hacks are not relevant because they require inside access, note that this FEC requirement applies to both outsiders and INSIDERS.
And did the vendor ever supply adequate "penetration analyses"?
"The vendor shall provide a penetration analysis," the standards say. Setting aside for the moment the sheer stupidity of relying only on a profit-seeking vendors assessment of their own product weaknesses, the Diebold memos show that Diebold knew that its customized AccuBasic code could be altered to "do just about anything." Therefore, unless Diebold identified this in the "penetration analysis" it was supposed to provide to the labs, it was out of compliance with FEC guidelines.
From: Guy Lancaster
Date: Thu, 18 Nov 1999
"The 1.94w firmware does not keep a checksum on the Accu-Basic report program stored on the memory card. It sounds like that area has been corrupted on these but without a checksum, the Accu-Vote doesn't recognize the fact and report the error..."
From: On Behalf Of Steve Knecht
Sent: Tuesday, February 05, 2002 9:54 AM
Subject: AccuVote Tapes Results Report
> could we get an AccuBasic Report Option that just printed out the label and the ballots cast by precinct only for the zero and election night
Reply: "We can do just about anything."
So, Diebold knew that the AccuVote results reports could be programmed to "do just about anything" and Diebold also knew that "firmware does not keep a checksum on the Accu-Basic report program stored on the memory card."
Did Diebold include this KNOWN information in its "penetration analysis"?
If so, why are the testing labs (Ciber and Wyle) still in the business of examining elections software?
If not, why is Diebold still in the elections business?
Not only is the memory card exploit findable and documented in the public record (at least since 2003 when the Diebold memos were released), but another "unauthorized operation," the use of a Visual Basic script to hack the GEMS central tabulator, has been widely known for years. The use of the MS Access database to perform unauthorized functions was publicly revealed by Black Box Voting in July 2003, but was documented by Diebold programmers back in Oct. 2001.
Aside from the memory card problems, were the GEMS penetration points documented in the penetration test sent by Diebold to testing labs?
Regardless, why didn't state and independent evaluators identify the problems and speak up?
Public records obtained by Joan Quinn reveal that California voting system examiner Steve Freeman did a five-hour "security examination" of GEMS after the exploit holes were documented publicly by Black Box Voting -- yet he recommended certification of the system, even after a critical protective measure for GEMS hacking was stripped out of the Diebold central counting system.
What is in his report on this? Black Box Voting has requested a copy, but due to the bizzaro-world nondisclosures, we believe we may be turned down for "security" reasons (even though it was Black Box Voting that first publicly identified the GEMS defects, on July 8, 2003!).
"Such penetration analysis will be subject to strict confidentiality and non-disclosure by the test authority. For security reasons, the penetration analysis shall not be routinely distributed to the jurisdictions that program elections. The penetration analysis, however, will be part of the escrow deposit."
How many secretaries of state have violated their own election laws?
Many states have election laws that state something similar to this: "systems be safe from 'fraud or manipulation'."
Let us examine for a moment the responsibility of secretaries of state under their own legal responsibility to ensure that their voting system is "safe from fraud or manipulation."
- If the FEC standards requires that the ITA-examined and vendor-supplied "penetration analysis" be submitted into escrow, does the secretary of state have a duty to examine the penetration analysis?
- If a secretary of state authorizes a state examiner to look at the system, does the secretary of state have a duty to enable said examiner to conduct an unfettered examination, review federal testing lab reports, including vendor's "penetration analysis" and any testing lab comments on it?
- If so, does the secretary of state have an obligation to obtain the report of his own state examiner?
Why would a secretary of state have his contractor negotiate/sign the NDA with the vendor, rather than the Sec. State's office?
If a nondisclosure is used at all, would not the correct party for the nondisclosure agreement (NDA) be the secretary of state, with the sec. state then invoking his own NDA on the state examiner?
In other words, it seems that a strange breach of duty may have occurred in locations where state examiners were forced into NDAs directly with vendors. Because the Secretary of State has a fiduciary duty to the taxpayers to ensure that voting systems are safe from manipulation, the examiner must be given free rein to disclose any and all findings with the secretary of state.
Thus, any NDA should be between the secretary of state and the vendor, with an employment or consultant's agreement executed between the secretary of state and the examiner. It is the secretary of state's duty to protect his own examiner from retaliation from the vendor.
Instead, it appears, the secretaries of state have stepped aside, have failed to provide examiners with the materials and access to the voting system reasonably required to perform an examination, have apparently failed to provide examiners with access to the penetration analysis, have failed to protect examiners from legal retaliation by the vendor, and therefore have failed to obtain the necessary information to "ensure that the system is safe from manipulation."
Permission granted to copy, distribute, reprint, or cite
only if any
further dissemination includes the link http://www.blackboxvoting.org/
and credit given for the source of the information.