Guest Blogged by Michael Dean…
The software most likely to steal elections is the BALLOT DEFINITION SOFTWARE loaded onto paper-based optical-scan and DRE (usually, touch-screen) voting machines in county elections offices across the U.S. just before the machines are sealed with security tape and transported to election polling locations.
And yet, the frightening reality is that there is little or no oversight of that software itself, nor of the people — usually sub-contractors, who could be anyone from a non-U.S. citizen, to a criminal, to a political party operative — who program that ballot definition software. Moreover, there is little or no testing of such software, despite the fact that it stores the ballot positions for all candidates and initiatives on every ballot, on every voting machine, and tallies the votes for all of them on election day.
For all of the concerns about election fraud, via the electronic voting systems in use across the nation today, and the eye on the source code for the software itself, few seem to have their eye on the ballot definition software, which can — even on e-voting systems where the hardware, and main program software has been tested, certified, and audited — succeed in flipping an election without detection, either by error, or on purpose.
Concerned yet? Read on…
What is Ballot Definition Software?
Ballot definition software is constructed for each election and defines the ballot positions for each candidate and proposition for each voting precinct. Miami-Dade County in Florida [PDF], for example, has 750 voting precincts and usually requires several hundred unique ballot definitions for federal general elections.
As Ellen Theisen of VotersUnite.org attempted to warn in her 2004 study, ballot definition software creates the ballot image that people see on the screens of every brand of DRE/touch-screen voting machine. DRE/touch-screen and paper-based optical scan machines use ballot position coordinates, also coded in the software, to determine how finger touches on the touch-screen, or marks on the paper ballot, are mapped to candidate positions on the ballot. The software tabulates finger touches and marks on paper ballots as candidate votes and then stores those tabulated vote counts in the machine’s “virtual ballot boxâ€, the data memory card itself. Finally, ballot definition software then tallies final election results when the polls close on Election Day.
Public Inspection of Ballots, Ballot Boxes and Ballot Counting
All DRE/touch-screen and paper-based op-scan manufacturers and vendors hold that all software, including the ballot definition software, is proprietary and confidential (a trade secret) and may not be inspected by county election officers, election judges, candidates or citizen election observers. Moreover, judges have accepted this proprietary and confidential argument.
For example, presiding Florida Circuit Court Judge William L. Gary denied plaintiff Christine Jennings’ motion to allow review of the software code for the DRE/touch-screen machines used in the contested 2006 U.S. House race between Democrat Christine Jennings and Republican Vern Buchanan for Florida’s 13th district where 18,000 votes mysteriously went missing from the machines.
Many states have, within their election code, laws that give public observers the right to inspect ballot boxes to make sure they are empty and to inspect ballots to make sure they are accurate and complete before the polls open on Election Day. (Example: New Hampshire Election Code Section 658:36 Inspection of Ballot Box – At the opening of the polls, the ballot box shall be publicly opened and shown to be empty; and the election officers shall ascertain that fact by a personal examination of the box. eff. July 1, 1979) Many states also have within their election code laws that allow public observers to watch election clerks open ballot boxes and count the ballots at the end of the Election Day.
That ballot and ballot box inspection laws are on the books of most states — due to a long and dismal history of election fraud, in both rural areas and big cities — demonstrates that every election process used throughout history has been exploited by corrupt elements.
Ballots and ballot boxes constructed of software and silicon, therefore, are no different in practical purpose and democratic significance than ballots and ballot boxes constructed of paper and metal. Election inspection and observation law is the guarantee for democracy; The laws guarantee that election judges, candidates and citizens have the right to inspect ballots and ballot boxes and observe ballot counting as democratic insurance for fair and true elections.
Activist Judges, such as Florida Circuit Court Judge William L. Gary, who accept the voting machine industry’s “proprietary” and “confidential” arguments and rule that ballot definition software may not be inspected by county election officers, election judges, candidates or election observers, in fact, create new election law from the bench that runs contrary to ballot and ballot box inspection and ballot count observation laws already on the books of nearly every state.
DRE Voting Machines Used in Over One Third of U.S.
In the November 2006 general election there were 1,142 counties using DRE/touch-screen voting machines (36.63 percent of all 3089 U.S. counties) and 1,752 counties using optical scanners. This tabulates to 2,894 counties and 161,111 voting precincts that depended on ballot definition software written in the weeks just before each election.
Touch-screen voting machines are identified as direct recording electronic (DRE) devices because voter ballot selections on the touch screen are directly recorded as ballot tally counts on data memory cards. No paper ballot or other reliable record of voter intent remains after voters step away from DRE voting machines. When ballot tally count anomalies arise, such as in the 200 FL-13 race where 18,000 votes went missing from DRE machines, no ballot recount is possible.
In precincts using paper-based op-scan counting machines, voters mark paper ballots, which are scanned, counted and stored in actual, physical ballot boxes. Paper ballots, which remain after voters leave the polling place, can be hand counted and compared to op-scan tallies when, and if, ballot count anomalies arise.
For the 2008 primary and general election season, the use of DRE/touch-screen voting machines has decreased slightly, while the use of optical-scanners has increased across the U.S. While the numbers have shifted slightly over the past two years, the total number of election jurisdictions using some type of electronic machine running ballot definition software at polling places or the central elections office for ballot tabulation continues to increase.
Who Creates Ballot Software for Each Election?
The task of creating ballot definition and tallying software is so large and complex that many counties contract the work to voting machine vendors or consulting/programming companies. Most vendor and consulting companies themselves do not maintain a staff of programmers large enough to write all the ballot definition software for all the voting precincts of all their county elections office customers across the U.S. Therefore, the work is often assigned to yet another layer of temporary or sub-contracted programmers. These sub-contractors may, or may not, be U.S. citizens.
Who checks the credentials of all these contract programmers writing “last minute” ballot software? Who asks if contract programmers work for a foreign government, other foreign interest, political party or candidate up for election? Who asks if they have criminal records? Who checks to make sure they do not have connections to a Karl Rove-type political operative? Who performs detailed audits or certification testing of the ballot definition software they write?
The frightening answer to all questions is – no one!
Who Certifies that Ballot Software is Error Free?
You’ll not like the answer to that question either.
Paper-based op-scan and DRE/touch-screen voting machines all have some form of firmware software that controls basic hardware functions and Operating System (OS) software, something like the Microsoft Windows system that runs on your home computer. Together, those elements provide the application system operating environment. Election Application System (EAS) software, which runs within the operating environment, supports and controls the operation of ballot definition software.
Voluntary voting system standards [PDF], developed by the U.S. Election Assistance Commission (EAC) and the National Association of State Election Directors (NASED), require that the specific versions of all software, including firmware, OS and EAS, that runs in voting machines on election day, must be subjected to a software audit and be stored in escrow.
The software packages that programmers use to create ballot definition software modules, however, are not subject to these auditing and escrow rules.
County and state election officials and voting machine industry representatives often insist that voting machine software is “certified†and secure because the Firmware, OS and EAS software has been audited (if meagerly, at the federal level) and is stored in escrow by a software auditing company. Even at that, not all states and voting machine manufacturers fully comply with the EAC and NASED regulations to audit the exact versions of software that run in voting machines on election day.
While some version of the firmware, OS and EAS software for some voting machine manufactures’ equipment may be audited and stored in escrow, ballot definition software, hurriedly written in the weeks just before each election, is not independently audited. Ballot definition software is not submitted to any independent testing laboratory for audit and often it is not directly tested [PDF] by county election officials, as VotersUnite’s Theisen warned, to little notice, so many years ago.
Furthermore, memory cards/modules, on which ballot definition software is delivered to county elections offices, can also carry other software components that can update — secretly, as necessary — firmware, OS and EAS software as the ballot software is loaded onto each and every voting machine.
Even if the version of firmware, OS and EAS software installed on voting machines is the audited and certified version, such updates from memory cards/modules invalidate the audit, unless they have been scrupulously logged, audited and tested. But that doesn’t happen.
County election officials across the U.S. all too often do not carefully inspect those memory cards/modules to know exactly what software components may be loaded onto their voting machines. In fact, it is the contractors who often load the memory card/module contents onto voting machines.
After elections, it has become nearly impossible for citizens to inspect those memory cards to ensure they were accurate, error and fraud-free, as we saw after New Hampshire’s recent primary when even the candidates who paid for recounts, were denied the ability to inspect the memory cards used across the entire state to count some 80% of the votes.
Those election jurisdictions that do test their ballot definition software, often simply execute a testing procedure written by the same contractor that delivered their ballot definition software. Yes, the person that writes the ballot definition software often creates its certifying test procedure.
A few counties across the U.S. do construct their own test procedures to augment the test procedures delivered by their contractors. But even when these basic function testing procedures are executed, they are run in a “test election†mode rather than the actual Election Day mode, so the ballot definition software is never subjected to a true Election Day field test. For those who know how computer work, and how to hack them, it’s a simple trick for malicious software to determine what day and time it is, and what mode the computer may be in, before determining if an embedded hack routine should run, or lay dormant until the moment it’s actually needed.
For the 2006 general election then, some significant portion of 2,894 County Election Administrators implicitly trusted some programmer, likely unknown to them, to write 100% accurate, honest and bug free ballot definition software for their 161,111 voting precincts. Election Judges, candidates and citizens in those 161,111 voting precincts were not allowed to inspect the ballots and ballot boxes or observe the ballot count. Had the [DRE touch-screen voting machine] ballots and ballot boxes used in Florida’s 2006 13th district U.S. House race been scrupulously inspected, perhaps 18,000 votes would not have gone missing on election day.
Is Ballot Software Safe?
After 50 years of software research and practical experience, computer scientists fully understand how vulnerable all software, particularly election software, is to inadvertent bug malfunction or malicious perversion. Given optical ballot scanner and DRE touch-screen voting systems use freshly written ballot definition software for each and every election, which at best is only lightly tested, computer scientists know with certainty the probability of software “bug†malfunction is extremely high where software is not rigorously audited, tested and controlled.
Yet county and state election officials and Judges who little understand the science of computer software, so far, dismiss all warnings from the community of computer scientists that the probability of inadvertent bug malfunction or malicious software perversion is very high for electronic voting systems.
Even when voting machine system error seems the more probable explanation when ballot count anomalies do occur, voting machine industry executives immediately threaten legal action against anyone connected to any attempt to inspect any part of the software ballot box.
So far, when ballot count anomalies arise, particularly in precincts using DRE/touch-screen voting machines, the courts have held that the corporate interest in proprietary and confidential software copyright laws overrides the public interest in election laws that mandate transparent public inspection of ballots, ballot boxes and ballot counting! Candidates and the public have no right to inspect DRE machine software ballot boxes. In precincts using paper ballots with ballot count op-scan systems, candidates and the public are at least able to inspect and recount the paper ballots when questions arise…presuming the chain-of-custody for those ballots has been secured, but that’s another matter entirely.
Conclusion
The frightening truth is, local election officials often make no effort to rigorously certify that ballot definition software, freshly written just before each election, is accurate and bug free or that someone in the software chain of custody did not nefariously insert a few extra lines of software code that activates only on election day to flip votes or rig vote totals, before then self-deleting itself at the end of the election day.
The more that unchecked and untested software is used in the administration of elections, the more election officials — and the citizenry who allows it — hand control of elections over to unchecked and unseen computer programmers.
It is so easy for a political partisan or foreign government to entice or direct contract programmers writing or handling ballot definition software to stuff the software ballot box as they perform their legitimate duties. Even just a few motivated partisan programmers each working independently could easily throw an election! Worse, given that many of the systems in use today have been found as vulnerable to viruses as your home computer (arguably, even moreso, since they do not use anti-virus software with regular updates), it could require only a single programmer to flip an entire election.
Six years after George W. Bush signed the Help American Vote Act of 2002 (HAVA), allocating some $3.8 billion of taxpayer money, most of which was directed straight to electronic voting machine corporations, elections are less transparent and less secure than ever before.
DRE voting is more dangerous than paper-ballot systems because it opens the door to wholesale errors and cheating. A single bug, or malicious software instance installed by a single individual, can be distributed to thousands of machines, which could then undetectably change a very large number of votes. This is the opinion of such prestigious institutions as the Massachusetts Institute of Technology and the National Institute of Standards and Technology [PDF] and the Brennan Center for Justice at NYU School of Law [PDF] – (Press Release and U.S. Senate hearing Written Testimony).
A few states and counties, too few, have heard these warnings and are studying the possibility of switching back to a paper-ballot based election system.
Paper ballots are not a magical guarantee of accurate and fraud-free elections. Indeed, there is a long history of error and election fraud with paper ballots, but with DRE voting, where the software ballot, ballot box and ballot tally are hidden from public scrutiny, it is nearly impossible to prove, or even detect, systematic election fraud. With a hand-marked paper record of each voter’s intent, along with laws already on the books of many states for public scrutiny of paper ballot election processes, we, the citizens of a free democracy, have at least a chance to detect and deter systematic election fraud through proper oversight and auditing of those paper ballots marked by voters.
We must also tell our elected representatives that they must enact laws to clearly mandate that the public’s interest in election laws that allow for the public inspection of all aspects of our public elections, must override the corporate interest in proprietary and confidential corporate software copyright laws!
===
Michael Dean has degrees in computer science and business administration and has over 25 years of experience in the commercial systems software sector. Michael’s background includes new software product development, technology business development and new technology business venture startup.
Finally, with 6 months to go before the most important election in US history, someone hits on the real problem with electronic (DRE) voting machines. When will we realize that an electronic voting machine “does the counting” and is programmed to do so under any criteria deemed appropriate by the person writing the code? In the 2004 election most all DRE machines were under the watchful eye of private companies in the pockets of the Republicans. This is not conspiratory speculation – this is a fact! He who runs the elections controls the outcome. Manipulation of software without bipartisan oversite is a dead giveaway for election fraud. The tragedy is it is easy to go undetected. The writer is correct. The software laws in this country are overdue for major legislative change. New Murphy’s Law: If there is a way to steal an election, the new DRE machine is the tool needed to accomplish the goal. We have to be the dumbest asses on earth to let this happen in America! Where is the Legislative OUTRAGE to let this slip by un-noticed? Why does this blog “dance around” the main cause that allows election to be stolen right under our noses?! Proprietary Software is the key that has been given to the foxes that patrol the hen house. Please!? You MIT people with state of the art programming knowledge sound the alarm on this issue. Call your congresman and speak out against Proprietary Software. No private company should have the final say in the outcome of our elections. Keep elections honest. Proprietary Software be damned!!
Wow. Thanks for this great summary. If I had to put it into one word, it would be: privatization.
Perhaps ‘rolling back the privatization of voting systems’ could be an effective way to frame this to achieve rapid response.
Excellent report, Michael. THANKS.
My county, and many counties across the nation, do their own ballot programming. My county uses Optech Eagle IV-Cs (we are all vote-by-mail) to count the paper ballots. The county has software provided by Sequoia and they just plug in the names and positions on the ballots. I know it’s not really that simple but in a nut shell…..
The real issue is that the Help America Vote Act (HAVA) has a requirement that is ignored. Section 301(a) is a set of standards that are state and local jurisdiction responsibilities. Among those is 301(a)(5):
The error rate defined by Section 3.2.1 of the 2002 Voting System Standards is:
Thus if there is even one error not attributable to the voter in an election the county who used that voting system may be in violation of federal law depending on the size of the ballot.
One would think that a county would want to ensure their system meets federal law but, instead, this law is ignored.
The good news though is that this is a Section 301 mandate and as such we, the people, have a right to challenge this use of untested software.
Section 402 of HAVA requires every state to have a complaint process so we the people can formally complain about violations to Section 301. We need to use this right and make ourselves heard.
Your state should have a complaint process already in effect. You should find it on your Sec. or State or State Elections Office web site. Follow the instructions and file a complaint if you have one. Remember that they must be Section 301 violations and not “I want a paper ballot” or “The lines at the polls were too long”.
Thanks for this piece. The critical mass is forming that the dre’s have to go.
While some fake liberals like Mark Lindeman continue to spam their election fraud debunker sophistry, others seem to be quite content with using alternative electronic counters.
The danger remains that even if obvious suspects such as diebold type machines are banned, they could simply be replaced with more insidious types of electronic machines. The person who started the DU thread I linked to above took a swipe against Kster in this related thread. Kster is the one who proclaims loud and clear that he or she wants hand counted paper ballots.
Why are we supposed to put so much faith in some optical scan replacement? That still doesn’t ensure the ability for proper recounts and fair elections.
Sure, on the surface it is a much better method. But by how much? At some point the broken record of the Lindeman’s are no longer taken seriously. But then you still have folks like him and Wilms covering up the election fraud.
So are we supposed to believe that RFK Jr., Crispin Miller, Bev, Brad, Fitrakis and Wasserman, and others who have documented election fraud are really the ones who are being listened to? Or are we about to get another Fitzmas, where on the surface it seems like we the people are finally witnessing some justice, but in fact we are simply getting the bait and switch to a kinder and more gentle form of injustice?
I showed this article to our Deputy Secretary of State Lesley Mara (this is in CT), and here is her reply:
At present, unenforced random memory card checks are being done, and some towns apparently sent one card while Premier installed another. Legislation trying to make 100% pre-election memory card checks mandatory (not sure about post election) was proposed in CT this session but failed to pass.
What this failed legislation did NOT provide was comprehensive security provisions — the cards were going to be programmed by LHS, sent to UCONN to be tested, then securely sent to the ROV. Once the cards arrived at the registrar’s office, from there the chain of custody ball was legislatively dropped. The good news is that programming changes would seem to have to be done a site at a time. the bad news is that in a local election, one site (the main machine storage site) could be enough.
Correction to last post: towns apparently sent one card while LHS provided another.
John #4
In any election the one who loads the last software module s/he wrote into the machine is the one who programmed it. 😉 … but seriouly I got your drift …
Michael Dean,
Welcome. Forgive me if I missed any of your earlier posts at Bradblog. This seems to be a first.
What is your take on Strider, a world class cracker, being GOP head in SD and a treasurer of the California GOP? (see Bradblog coverage and original RAW STORY exclusive).
Loading rogue modules to do the ballot definition routines would be routine to FairLight.
Excellent report, Michael! Thanks so much for this succinct play-by-play. Anyone wanna see what a MANUAL OVERRIDE of the DIEBOLD CENTRAL TABULATOR LOOKS LIKE?
http://www.youtube.com/watch?v=KNHE7H0DMxo
Just finished this eye-opener from (guess where)…? Yup–SARASOTA, FLORIDA. New system, same old dirty tricks.
SOS Kurt Browning and my dubious, devious S.O.E. KATHY DENT did their very best (and succeeded in some counties) to prevent ELECTION and COMPUTER EXPERTS from observing the vote count in FLORIDA–the amazing SUSAN PYNCHON (“Hacking Democracy”) was BARRED/ as was the fabulous ELLEN BRODSKY of BROWARD CO. This scares the be-jeezus out of me…
Now I know why they didn’t want anyone watching. Wish I didn’t.
Thanks again, Michael! Will circulate this article wide…
I knew I liked these guys for a reason
If it’s anywhere I’d like to live it would be there!
Want to stop alll the shell games? Get rid of the secret ballot. Then anybody can check as much of the vote as they want. Each and every time..
Everyone should read the article Pat #1 linked to. Brantl also makes sense by saying we need each vote always available for recounts.
I will trust that decent election integrity activists will be able to make sure that any electronic counting system used will be immune from either theft or glitches.
So what is the deal with hand counted paper ballots? Is that something that is being pushed by sincere activists?
How are we to be able to get recounts if people like Lindeman have the power to totally dismiss exit polls? I guess first things first, ban the electronic machines. That is a given.
Any opinions on hand counted paper ballots versus electronic counting of paper ballots? Can someone explain this to newbies like me?
brantl #11
If that comment doesn’t bring the zapkitty out of hiding, I will have to believe he is dead!
ZAP! Where are you?
HELP!
Get rid of the secret ballot? Ok, sorry, I thought he meant no dre’s. I thought he meant all ballots should be available without our names on it. Like Gore talked about the lock box, every vote must count, we must count every vote. I need a nap.
jeanie dean
well u have gone and done it,PROVED it doesnt really matter what the voters input, the election officials can “output” anything they want
“backdoor manuel override”
great video work!
This is the article that I would have written myself if I were more computer savvy. Well done! I just posted it at OpEdNews.
Joan Brunwasser, voting integrity ed., OpEdNews
The Help American Vote Act (HAVA) of 2002 also requires each state to implement a computerized, centralized statewide voter registration system. About 28 states have implemented the statewide voter registration databases and supporting data management software.
The software running in DREs, op-scans and election office vote tabulation computers is not the only election software that can be hacked to manipulate election results. The registration data and supporting data management software in statewide voter registration systems may be just as vulnerable – maybe more so…. But, that is a blog for another day…..
Creid #6 quoted a CT official saying:
“LHS does not out-source”?!!! LHS is an outsource! Is that official that daft, or disingenuous???
In addition to being Connecticut’s sole source for buying, servicing and programming the Diebold machines used there (and across much of New England), they are also a company whose directors have criminal records, and who have admitted to breaking the law by changing election cards during elections!
(Gotta get out of here right now, but you search BRAD BLOG for “LHS Associates” for details on the above!)
#1 Dave. I believe if you search on “Proprietary Software”, to the right>>>>>, you will find at least 136 articles on this very issue by Brad. (Some going back four years ago )
I wouldn’t call that dancing around the issue, more like people ignoring “election fraud” for years and some supposedly “progressive” blogs still doing so.
Thank you for this article; you have provided a very helpful summary.
Re this statement: Voluntary voting system standards [PDF], developed by the U.S. Election Assistance Commission (EAC) and the National Association of State Election Directors (NASED), require that the specific versions of all software, including firmware, OS and EAS, that runs in voting machines on election day, must be subjected to a software audit and be stored in escrow.
The link is to the NASED qualified systems, not the VVS. The VVS were developed by neither the EAC nor NASED, but by the FEC. The
VVS does not require the audit or escrow of software. If by “audit” you mean testing/qualification, the VVS does not require such testing, they are the standards to which systems are tested.
Michael~
You write:
“The registration data and supporting data management software in statewide voter registration systems may be just as vulnerable – maybe more so…. But, that is a blog for another day…..”
I’m VERY curious to hear more ’bout this! The SLAMMER WORM that hit our database in SARASOTA during early voting left me with a TON of questions. How are these data-base systems affected by such viruses? Can they then impact/ infect the actual VOTING EQUIPMENT? We were told no, of course, but then there were substantial problems reported during the first day of EARLY VOTING–machines were down, and then VOILA! Back up and running after a couple of hours, only to have SARASOTA VOTERS report trouble casting their vote for JENNINGS.
I know I speak for FLORIDIOT when I say: we can’t WAIT for more info on that juicy nube!
DREDD said that the last person who touches is the one who programmed the BDFs. What type of machine, DREDD? On the Accuvote-OS, in CT, the BDFs are contained on the memory cards, and programming is done by vendor; as I understand it, card is sent to towns and install into machine done by election officials. Last person to handle is election official, unless the machine is left unattended for, say 5 minutes and someone else handles it. If cards are part of a UCONN random sample, it should go I think from vendor or town to UCONN. I think there is legislative and logistical room for funny business, but not what you said. The vendor is not the last person to handle the card before the election except if some sort of service call were to occur prior to election that involved vendor’s presence (and not e.g. telephone advice).
Brad Friedman said:
“LHS does not out-source”?!!! LHS is an outsource! Is that official that daft, or disingenuous???
CT’s contract is with LHS, not Diebold, so in the context of the story, “LHS does not outsource” is a statement by the DSOTS that the programming done by LHS is done … by LHS. I cannot verify the statement, only repeat it.
Brad said: ” they are also a company whose directors have criminal records,” and the DSOTS has separately advised that Ken Hajjar does not work in CT by request of the SOTS. I don’t know if he does any work on behalf of CT — will have to check the wording of the DSOTS statement.
Brad said, “and who have admitted to breaking the law by changing election cards during elections.” CT towns have two machines each (one used; one backup) and have changed machines on election day (6 towns in nov 07, I think), sometimes with LHS’s assistance. I don’t think the memory card was changed out, but would have to go back and try to verify by looking at the service call reports.
So we have a vendor interacting with the potential election day requests of 169 towns in CT. The towns have something to do with what the vendor does, it’s not all on LHS’s back. That is not a deflection of LHS’s responsibility — it is an expansion to include the registrars, moderators, and SOTS for their actions related to the election.
LHS’s website has posted the directions for changing the date and time on voting machines for almost all the New England states (Maine and one other are the exceptions). I’m not sure why this needs to be posted to a public website, but it is. This information I am sure is not so difficult to figure out or access, but it would seem smart to separate with a password the duties of programming of date and time from the reporting of election results, wouldn’t it?
Especially where the machine stores the audit report information in the removable memory card?
CREID SEID:
What I really sedd was:
An election official can put official HANES, legally state approved, federally approved, “grade A good stuff” into an electronic voting machine … but if they then let that machine out for “sleepovers”, or if there is any other chain of custody security breaching practice (e.g. hooked to a network or modem), the last software loaded into the machine is the software that will be running it on election day. Not the “good stuff”. And in some cases only one module needs to be loaded to change the whole shebang.
And that is the point … a hacker is an unknown programmer who last programmed a voting machine before election day.
{Ed Note: Comment by Brent Turner of Open Voting Consortium, posting as “Sam Wiseman” again deleted. Mr. Turner has been banned here for refusing to follow the rules and posting under multiple identities, spamming his advocacy for his voting company, Open Voting Consortium, in every post. If you are unable to follow the few simple rules for posting here, Mr. Turner, I can’t why anybody would think your company, OVC, should be entrusted with counting *anybodies* vote, open source or otherwise. – BF}
DREDD, thanks for clarifying your point — I didn’t get it, clearly.
The point you are making –that incomplete chain of custody undoes what is originally done — is one I tried to make when CT proposed a new law to do pre-election memory card checks of 100% of the cards via UCONN. Wow! 100%! These cards would be programmmed, sent by some undefined method deemed secure to UCONN (100% now handled by not one but TWO vendors — a true act of faith and trust — these are experts who if not completely honest have the ability to not only detect fraud, but to commit fraud undetected), cards then sent by some undefined secure method to the registrars and then…. (ooops…what then? Put in the top desk drawer till time to put in the computer for the election?). This last bit of security was left out of the statute. Then there was language that made it a serious crime to mess with the memory card AFTER the election.
Regarding my previous quote by the CT Deputy Secretary of the State (DSOTS) about CT’s testing mechanism for ballot programming: It would seem that all CT can do is compare what is on the card to what was supposed to be programmed. Why should I find that reassuring? A failure to program the card would be detected, but an error in programming the BDFs would NO, would it? The comparison is between the programmming done and what is on the card.
Test ballots (if test correctly constructed) could show some errors (mismatch of ballot placement to candidate to be credited with vote), but apparently not many others.
What does this mean for CT in terms of The Dean article? We have a high tech computer expert — who definitely does add value as an expert; but also I am saying part of his utility to SOTS is as a show pony — to point to him and say how lucky we are to have him, while meanwhile not being forthright about what he is actually doing and not doing.