World Video | Defence | Foreign Affairs | Natural Events | Trade | NZ in World News | NZ National News Video | NZ Regional News | Search


Voting System Examiners Blocked From Disclosure?

Voting System Examiners Blocked From Telling What They Know?
Original URL (With Discussion)

Voting system examiners in several states have reportedly been prohibited from revealing voting system flaws to the public due to nondisclosure agreements they signed with the vendors.

With the future of democracy is at stake, just what agreements were signed by examiners like Steve Freeman (CA), Brit Williams (GA, MD, VA), Paul Craft (FL), Doug Jones (IA), and David Jefferson (CA)?

Black Box Voting has learned that vendors have been requiring nondisclosures to block release of information of critical importance to the public. Secretaries of state have failed to protect their voting system examiners, reportedly requiring administrative rules that prevent proper analysis and evaluation of voting systems by state examiners.

Black Box Voting has filed public records requests to obtain all nondisclosure agreements signed by Paul Craft, David Drury, David Jefferson, Steve Freeman, Doug Jones, Brit Williams, Merle King, and Michael Shamos.

We have already obtained one of the Diebold nondisclosure requirements. Diebold attempts to block everything that should be revealed -- even if the contractor is served with a subpoena or court order!

Black Box Voting is investigating the following issues:

1) Whether voting system examiners have been provided with indemnification. Failure to provide indemnification allows the vendor to sue the examiner for damages if the examiner happens to discover or expose something harmful to the vendor.

2) Whether voting system examiners were protected by their secretaries of state. It appears that secretaries of state have left it to the scientists who examine voting software to negotiate their own terms of engagement with vendors. Some scientists, who understandably are not experts in intellectual property law, have signed the agreements provided by vendor attorneys. These agreements can later prove to be unduly restrictive, preventing the examiner from revealing what he knows even to the secretary of state.

3) Whether state voting system examiners were prohibited from examining the testing reports provided by Ciber and Wyle, the federal testing labs. Documents provided to Black Box Voting by Joan Quinn, a citizen in Sacramento, Calif., indicate that California examiner Steve Freeman may not have had access to key portions of the federal testing reports when examining voting systems for the state of California.

4) Whether examiners were prohibited from examining the source code and/or testing the equipment themselves.

5) Whether examiners were prohibited from asking the vendors follow up questions by rules or administrative procedures .

6) Whether examiners were ever prohibited by rules or administrative procedures from communicating with others on voting system panels or certification boards during deliberations over certification recommendations, or during/after voting system examinations.

7) Whether examiners are ever allowed to examine escrowed information -- source code and/or "penetration analysis"?

Black Box Voting has requested copies of the rules, escrow procedures, and any indemnifications, nondisclosures or administrative procedures that apply to the certification, examination and deliberation process in Florida, Pennsylvania, Georgia, California, and Iowa.

Please do not limit these important inquiries to Black Box Voting efforts

- Citizens are urged to gather evidence independently of Black Box Voting, through Freedom of Information and public records requests, to determine exactly what procedures, nondisclosures, restrictions, rules and guidelines are in place for each state's voting system examiners and certifiers.

- State senators and legislators, especially in the above-named states, are urged to launch formal hearings, with subpoena power and witnesses under oath, to investigate exactly what restrictions were placed on voting machine examiners by vendors and secretaries of state.

Another breakdown in voter protection

Bruce Sims of San Diego, Calif. caught this problem:

According to 1990 FEC standards section 5.3, "Access Control", voting machine manufacturers are required to provide federal testing labs with a "penetration analysis" (hacking analysis). Did Diebold, Sequoia and ES&S provide this to testing labs?

If so, why didn't the labs identify the massive Diebold holes exploited by a Finnish security expert in the 2005 Black Box Voting "Harri Hursti" projects, and by Dr. Herbert Thompson and Black Box Voting with the Diebold GEMS central tabulator, and by Jeremiah Akin with the Sequoia WinEDS central tabulator?

"All software (including firmware) for all voting systems SHALL incorporate measures to prevent ... unauthorized operations by ANY PERSON. Unauthorized operations include, but are not limited to: MODIFICATION OF COMPILED OR INTERPRETED CODE..."

This is exactly the "unauthorized operation" that Hursti performed in Leon County on May 26 and Dec 13 2005 in the Black Box Voting projects. Thompson's Visual Basic GEMS hack was also an "unauthorized operation" of the code, and the alterations in the Sequoia WinEDS code demonstrated by Jeremiah Akin are also "unauthorized operations."

When public officials and vendors explain to you that these hacks are not relevant because they require inside access, note that this FEC requirement applies to both outsiders and INSIDERS.

And did the vendor ever supply adequate "penetration analyses"?

"The vendor shall provide a penetration analysis," the standards say. Setting aside for the moment the sheer stupidity of relying only on a profit-seeking vendors assessment of their own product weaknesses, the Diebold memos show that Diebold knew that its customized AccuBasic code could be altered to "do just about anything." Therefore, unless Diebold identified this in the "penetration analysis" it was supposed to provide to the labs, it was out of compliance with FEC guidelines.

From: Guy Lancaster
Date: Thu, 18 Nov 1999

"The 1.94w firmware does not keep a checksum on the Accu-Basic report program stored on the memory card. It sounds like that area has been corrupted on these but without a checksum, the Accu-Vote doesn't recognize the fact and report the error..."

From: On Behalf Of Steve Knecht
Sent: Tuesday, February 05, 2002 9:54 AM
Subject: AccuVote Tapes Results Report

> could we get an AccuBasic Report Option that just printed out the label and the ballots cast by precinct only for the zero and election night

Reply: "We can do just about anything."

So, Diebold knew that the AccuVote results reports could be programmed to "do just about anything" and Diebold also knew that "firmware does not keep a checksum on the Accu-Basic report program stored on the memory card."

Did Diebold include this KNOWN information in its "penetration analysis"?

If so, why are the testing labs (Ciber and Wyle) still in the business of examining elections software?

If not, why is Diebold still in the elections business?

Not only is the memory card exploit findable and documented in the public record (at least since 2003 when the Diebold memos were released), but another "unauthorized operation," the use of a Visual Basic script to hack the GEMS central tabulator, has been widely known for years. The use of the MS Access database to perform unauthorized functions was publicly revealed by Black Box Voting in July 2003, but was documented by Diebold programmers back in Oct. 2001.

Aside from the memory card problems, were the GEMS penetration points documented in the penetration test sent by Diebold to testing labs?

Regardless, why didn't state and independent evaluators identify the problems and speak up?

Public records obtained by Joan Quinn reveal that California voting system examiner Steve Freeman did a five-hour "security examination" of GEMS after the exploit holes were documented publicly by Black Box Voting -- yet he recommended certification of the system, even after a critical protective measure for GEMS hacking was stripped out of the Diebold central counting system.

What is in his report on this? Black Box Voting has requested a copy, but due to the bizzaro-world nondisclosures, we believe we may be turned down for "security" reasons (even though it was Black Box Voting that first publicly identified the GEMS defects, on July 8, 2003!).

FEC standards:

"Such penetration analysis will be subject to strict confidentiality and non-disclosure by the test authority. For security reasons, the penetration analysis shall not be routinely distributed to the jurisdictions that program elections. The penetration analysis, however, will be part of the escrow deposit."

How many secretaries of state have violated their own election laws?

Many states have election laws that state something similar to this: "systems be safe from 'fraud or manipulation'."

Let us examine for a moment the responsibility of secretaries of state under their own legal responsibility to ensure that their voting system is "safe from fraud or manipulation."

- If the FEC standards requires that the ITA-examined and vendor-supplied "penetration analysis" be submitted into escrow, does the secretary of state have a duty to examine the penetration analysis?

- If a secretary of state authorizes a state examiner to look at the system, does the secretary of state have a duty to enable said examiner to conduct an unfettered examination, review federal testing lab reports, including vendor's "penetration analysis" and any testing lab comments on it?

- If so, does the secretary of state have an obligation to obtain the report of his own state examiner?

Why would a secretary of state have his contractor negotiate/sign the NDA with the vendor, rather than the Sec. State's office?

If a nondisclosure is used at all, would not the correct party for the nondisclosure agreement (NDA) be the secretary of state, with the sec. state then invoking his own NDA on the state examiner?

In other words, it seems that a strange breach of duty may have occurred in locations where state examiners were forced into NDAs directly with vendors. Because the Secretary of State has a fiduciary duty to the taxpayers to ensure that voting systems are safe from manipulation, the examiner must be given free rein to disclose any and all findings with the secretary of state.

Thus, any NDA should be between the secretary of state and the vendor, with an employment or consultant's agreement executed between the secretary of state and the examiner. It is the secretary of state's duty to protect his own examiner from retaliation from the vendor.

Instead, it appears, the secretaries of state have stepped aside, have failed to provide examiners with the materials and access to the voting system reasonably required to perform an examination, have apparently failed to provide examiners with access to the penetration analysis, have failed to protect examiners from legal retaliation by the vendor, and therefore have failed to obtain the necessary information to "ensure that the system is safe from manipulation."


Permission granted to copy, distribute, reprint, or cite only if any
further dissemination includes the link
and credit given for the source of the information.

© Scoop Media

World Headlines


At The UN: Paris Climate Agreement Moves Closer To Entry Into Force

The Paris Agreement on climate change moved closer toward entering into force in 2016 as 31 more countries joined the agreement today at a special event hosted by United Nations Secretary-General Ban Ki-moon. More>>



Gordon Campbell: On The End Game In Spain (And Other World News)

The coverage of international news seems almost entirely dependent on a random selection of whatever some overseas news agency happens to be carrying overnight... Here are a few interesting international stories that have largely flown beneath the radar this past week. More>>

Amnesty/Human Rights Watch: Appalling Abuse, Neglect Of Refugees On Nauru

Refugees and asylum seekers on Nauru, most of whom have been held there for three years, routinely face neglect by health workers and other service providers who have been hired by the Australian government, as well as frequent unpunished assaults by local Nauruans. More>>


Other Australian Detention

Gordon Campbell: On The Censorship Havoc In South Africa’s State Broadcaster

Demands have included an order to staff that there should be no further negative news about the country’s President Jacob Zuma, and SABC camera operators responsible for choosing camera angles that have allegedly made the President ‘look shorter’ were to be retrained... More>>


Gordon Campbell: On A Bad Week For Malcolm Turnbull, And The Queen

Malcolm Turnbull’s immediate goal – mere survival – is still within his grasp... In every other respect though, this election has been a total disaster for the Liberals. More>>


Gordon Campbell: On Bidding Bye Bye To Boris

Boris Johnson’s exit from the contest for Conservative Party leadership supports the conspiracy theory that he never really expected the “Leave” option to win the referendum – and he has no intention now of picking up the poisoned chalice that managing the outcome will entail... More>>


Get More From Scoop

Search Scoop  
Powered by Vodafone
NZ independent news