[R-G] NEWS BULLETIN: Decertify It? Irreparable Problems Revealed in November Election
talion at ix.netcom.com
talion at ix.netcom.com
Fri Feb 14 02:12:20 MST 2003
---- NEWS BULLETIN ---- PROVIDE ANSWERS, UNDER OATH, OR DECERTIFY IT:
IRREPARABLE PROBLEMS EXPOSED IN NOVEMBER ELECTION
[Diebolds election machines are used in 30 states and five Canadian provinces]
Many more details, including more information for techies and reporters, at:
http://www.blackboxvoting.com/security.html, with full text of interviews at http://www.blackboxvoting.com/patch-interviews.html
FEB 14 2003 -- In January 2003, a strange folder called rob-georgia was found at Diebold Election Systems. Diebold is the firm that built and programmed every voting machine in Georgia. Inside this rob-georgia folder were three more folders. One had instructions to place new files in the GEMS folder. GEMS is the Diebold program that manages elections. Another folder instructed the user to replace some existing GEMS files. A third folder instructed the user to replace Windows operating system files with its contents and run a program.
A single, certified, and supposedly carefully examined version of the actual vote-counting program is allowed on the voting machines. The new Diebold voting machines in Georgia are computers, and people sometimes do install file replacements on computers. Its called installing a patch and usually repairs some minor bug, or adds new features. But whenever files are replaced, there is potential for them to trigger unexpected things. Sometimes, installing a program patch can cause hidden programs to run in the background.
Thats why the curiously named rob-georgia file and its contents disturbed many people in the programming community. WHO was replacing files, WHERE were they replacing files, WHY were they replacing files?
WERE they replacing files?
Yes, it turns out, they were. Officials from the Georgia Secretary of States Office now admit that a program fix was administered to all 22,000 Georgia voting machines shortly before the November election, reportedly to correct a problem with video screens freezing up. According to Michael Barnes, of the Georgia Secretary of States Election Office, Diebold supplied memory cards with program patches on them, and then 20 teams of technicians were deployed to drive around the state installing the patch, which went into every one of the machines in all 159 counties.
Heres how it was done, according to Barnes, The actual installation was a matter of putting in a new memory card. It took about one and a half minutes to boot up. They take the PCMCIA card, install it, and in the booting up process the upgrade is installed."
Surely someone examined exactly what was on those memory cards that were installing the new, updated program? According to Barnes, Wyle Labs, an independent federal testing lab for voting machines, said the patch did not need to be certified. "I don't know if there was ever a written report by Wyle [about that]. It might have been by phone," he adds.
Dr. Brit Williams, who is the independent examiner for Georgias voting machines, said it was not necessary to do a line by line examination of what was on the cards containing the patch. "We were assured by the vendor that the patch did not impact any of the things that we had previously tested on the machine, he says.
Though nobody seems to have examined the computer code on the cards, everybody insists that they never put the rob-georgia files on any voting machines. Since the rob-georgia files were on a public web site, however, anyone with a laptop could have downloaded the rob-georgia files to install them on a substitute card. Surely, great care was taken to monitor chain of custody every step of the way, from creating the cards to making sure no one substituted a different one?
Bev Harris, the author of Black Box Voting: Ballot-Tampering in the 21st Century, asked Dr. Williams what security measures had been taken with the cards.
"That's a real good question, said Williams. Like I say, we were in the heat of the election. Some of the things we did, we probably compromised security a little bit -- Let me emphasize we've gone back since the election and done extensive testing on all this."
Harris asked Dr. Williams whether there was a digital signature, a method used to flag unauthorized program changes. He said that the Diebold voting machines are indeed protected by such a system. Certainly, then, this digital signature was checked after the patches were installed?
Apparently not. Barnes indicated that Dr. Williams did it, but Dr. Williams said that he examined the digital signature BEFORE the patch was installed, when the machines arrived in Georgia, during the acceptance screening. Some sort of spot-check was done after the patches were installed, but the tests Dr. Williams described made no mention of a digital signature check. But lets assume that a spot check of the digital signature was done. Which machines were spot-checked, and where?
"What way would there be to make sure nothing had changed between the time that you took delivery and the election?" asked Harris. "Well there wouldn't -- there's no way that you can be absolutely sure that nothing has changed," said Williams.
"Wouldn't it help to check that digital signature, or checksum, or whatever, right before the election?" asked Harris. This would be a way to ensure that no one tampered with the code on those patches, or installed unauthorized programs at any other time prior to the election. "Well that is outside of the scope of what some of the people there can do, said Williams.
So there was a folder called rob-georgia, and hopefully rob is a name and not a verb, but nobody used that folder, and no one at Diebold has claimed responsibility for the rob-georgia folder, or even explained what it was there for. All anyone knows is that rob-georgia was available to anyone with a modem and it contained replacements pertaining to the election program and the Windows operating system.
And there were files being replaced, all over Georgia, in fact, on all 22,000 voting machines, but no one ever examined exactly what was in the replacement files. The security surrounding the memory cards used to patch the machines is a real good question and in the heat of the election maybe security was compromised a little bit, and apparently no one bothered to check the digital signature, which flags unauthorized program changes, at the time of the election.
But theres more: Diebold technicians now admit that they had parked a whole bunch of Diebold voting machine files on a publicly available web site that anyone could access. Surely none of these files were sensitive, were they?
Lets put it this way: Diebold's unprotected FTP site contained exactly the files most important to anyone intent on tampering with an election: source codes, executable vote-counting programs, patches, hardware and software specifications, technical drawings, database and ballot configurations and testing protocols.
The official story: Touch Screens were freezing up in Georgia. Diebold sent a program patch, it affected only the Windows operating system, there was no need to examine the patch, no one used the unprotected FTP site, it was impractical to check the digital signature to see if anyone had made unauthorized program changes, and the election was a long time ago, so get over it.
But some Georgia citizens are demanding answers. Not answers over the telephone, or from a company press release, but specific answers, under oath, fetched by subpoena, cross examined and exposed to the full depth and breadth of discovery procedures. Some Georgia citizens want to make sure this can never happen again.
One Georgia resident is looking for attorneys and irritated citizens in each of Georgias 159 counties to file multiple individual lawsuits all at once.
Bev Harris, the author of Black Box Voting, is just looking for someone to answer a few questions about this. Shes been told its none of her business.
-- Black Box Voting: Ballot-Tampering in the 21st Century --
To interview Bev Harris, go through http://www.blackboxvoting.com
More information about the Rad-Green