MD Diebold Review a "Whitewash in the making"
SBE Hiring a Diebold Apologist Rather Than a Security Expert to Conduct Tests of Diebold Machines
PRESS RELEASE: TrueVoteMD.org
SBE Responds to Calls for Independent Testing of Diebold Machines By Hiring a Diebold Apologist Rather Than a Security Expert to Conduct Tests.
TrueVoteMD Calls Review a "Whitewash in the making"
Montgomery County: Over the past five months, Finnish security expert Harri Hursti has tested Diebold voting systems used in many states. He found serious security vulnerabilities in the software, in the PCMCIA cards that record votes, and in the procedures surrounding the voting machines. One of these vulnerabilities was detected by a Maryland security assessment two years ago, but Diebold never fixed it. The newest attack is so serious that experts are afraid to talk about its details publicly.
As these security vulnerabilities became known, the Governor expressed his view that he no longer trusted the machines. Candidates and citizens called for independent testing of the machines, and Johns Hopkins computer expert Avi Rubin challenged the State Board of Elections to find computer scientists who would verify that the system is secure.
In response to this widespread pressure from citizens, voting security experts and political leaders, including TrueVoteMD, the Maryland State Board of Elections recently hired Freeman, Craft and McGregor Group Inc. to do an assessment of Diebold’s voting system security. However, the selection of this Florida firm to do the analysis has itself raised questions.
Paul Craft is a partner in Freeman, Craft and McGregor. “We did some research into Paul Craft’s firm and have serious concerns as to their qualifications as security experts. There has been a lot of criticism of Mr. Craft in regards to the weakening of security procedures during the time he was assisting NASED in creating voting system standards in 2005,” said Alex Zeese of TrueVoteMD.org. “We have some of the best computer experts in the country right here in Maryland who have been very critical of the Diebold machines. The SBE should have had these well-qualified critics test the machines in order to restore confidence of voters and political leaders. The selection of this group is a whitewash in the making. With this firm conducting the test the outcome is predictable.”
TrueVoteMD has compiled research into Freeman, Craft and McGregor, which shows a history of favoritism towards the Diebold Corporation and a failure to recognize the seriousness of security flaws. Mr. Craft, in particular, was involved in the revision of the national voting system standards. He consistently advocated relaxing standards in favor of the machine manufacturers. Another partner, Steve Freeman, was hired by the state of California to check for problems on its voting machines after Maryland released the RABA report. The RABA Report raised concerns about the security of the GEMS Tabulators, which tabulate the results from all the machines in a precinct/county. Despite the risks reported by RABA and CompuWare, Freeman has repeatedly recommended the tabulators.
TrueVoteMD has published a summary of concerns about the group picked, online at: http://truevotemd.org/content/view/474/82/
It is also below:
Lamone Finds a Firm that will approve Diebold paperless voting
The SBE has announced that they will be giving a no-bid contract to Freeman, Craft, McGregor Group, Inc. to test Maryland’s voting system for the latest round of security vulnerabilities that have been exposed regarding Diebold’s TSX machines.
TrueVoteMD is concerned that the SBE has hired a firm that includes Paul Craft as a principal, rather than a firm that has been a critic of the system, or at least someone who has not shown a bias in favor of Diebold.
The firm, Freeman, Craft, McGregor Group, Inc., was created by former Florida elections official Paul Craft. Mr. Craft has been a professional apologist for the Diebold system since its initial contracts were signed by the State of Maryland.
Paul Craft: Bias in favor of Diebold, paperless voting; an advocate for manufacturers, and tied to the infamous Florida voter purge
Mr. Craft has consistently blocked proposed security measures regarding paper trails. A report on an Election Assistance Commission (EAC) meeting describes his open alliance with manufacturers of voting equipment:
Paul Craft, another member of the committee, then suggested that they hear from the vendor engineers who were in the audience to see what they would do about the proposed standards. At this point, Dr. Semerjian, the chairman of the committee and the Director of NIST, said that the TGDC is not in existence to approve existing voting systems, nor rubber stamp state decisions. The committee then went on a break.
Upon return from the break Paul Craft announced that he had talked to the vendors and that they did not like some of the standards. A vote was then held and those standards were deleted.
Another example is a January 28, 2005 letter by Fernando Morales to the Election Assistance Commission (EAC) entitled: Paul Craft’s Questionable Behavior. The letter claims that Paul Craft has consistently watered down security measures in favor of the machine manufacturers rather than taking the warnings of security experts into consideration. See: http://vote.nist.gov/ecposstatements/morelascraftcomment.pdf#search='paul%20craft%27s%20questionable%20behavior'
- Further, reports link him to the controversial Voter Roll Purge in Florida in 2000 and 2004. Vanity Fair reports that in 2000 Paul Craft was told about how the purge would adversely affect minorities in Florida yet did nothing to stop the purge from occurring, despite being in a position to do so. See: http://www.makethemaccountable.com/articles/The_Path_To_Florida.htm
- Paul Craft is not a qualified security analyst; his degree is in Hotel Management.
His full resume can be found at: http://web.archive.org/web/20050308061207/paulcraft.net/resume.html
Steve Freeman: Approves machines despite security vulnerabilities
Steve Freeman also shares a bias in favor of electronic voting. He has shown his willingness to ‘look the other way’ and certify election systems despite security vulnerabilities. The description below demonstrates his work in California:
VOTING MACHINE EXAMINERS CHICKENING OUT OF SENATE INVESTIGATION
It took Dr. Thompson less than five minutes to identify the fatal flaw in the GEMS tabulator. Both federal and state certifiers should be asked why they have repeatedly approved GEMS for certification. Did they not understand that a Visual Basic Script can be used to hack a Microsoft Access application? Did they not know GEMS uses Microsoft Access? Do they believe that using a voting program that is hackable with a simple script is secure?
The Steve Freeman time sheets reveal that he specifically billed the state of California for testing in response to the RABA Technologies report and the CompuWare report. His time sheets show an additional five-hour examination of GEMS security. The August 18, 2004 CompuWare report rates the GEMS risk High, High, High and the RABA report says that GEMS should be rewritten entirely.
Freeman needs to be asked, under oath, why he repeatedly recommended GEMS for certification even after numerous reports detailed its security flaws. As recently as November 2005, Freeman recommended GEMS for certification again, this time admitting that there were defects but saying they were planning to find a way to mitigate them. (However, California has not yet mitigated the defects, but will continue to use GEMS.)
Kate McGregor: epitomizes the revolving door between ‘regulators’ and private industry.
Kate McGregor formerly worked for David Drury of the Florida Bureau of Voting System Certification. She initially entered the group as a silent partner while working for the Florida state government. In an email exchange from Paul Craft to Bruce MacDannold, Mr. Craft reveals that he and Steve Freeman have a silent partner named Kate McGregor. Craft states McGregor is a current employee of the state of Florida but is currently working on her exit strategy, i.e. putting in place contracts for when she leaves office.
On January 5, 2006, Craft states:
"Thus far in the consulting practice, in addition to investment, her involvement has included helping me decide upon and create the corporate structure, developing marketing plan, and assembling proposals. I anticipate she will probably come on board full time, sometime in February. We are planning for her to allow us to expand the practice in the areas of best practices, Security Procedures, acceptance testing, System Validation, and Disaster Recovery."
This can be found at: http://www.washburnresearch.org/archive/FCMGroup/CraftMcGregor01.pdf