Diebold Voting Systems Faulty
Rebecca Abrahams
Special to The BRAD BLOG by Guest Blogger and Freelance Network News Producer, Rebecca Abrahams
In September, 2003 Linda Lamone, the Administrator of Maryland's State Board of Elections and President of the National Association of State Election Directors (NASED) hands over a critical study on the security of the Diebold Election Systems machines that count all of Maryland's votes.
Between the time that the State of Maryland commissioned the highly respected Science Applications International Corporation (SAIC) to evaluate the effectiveness and security of their electronic voting machines and the time that the study is made public, critical pieces of information have been edited, omitted and, in some cases, words added, to fundamentally alter the original meaning of the report's conclusions.
The original SAIC report, coming in at nearly 200 pages, was reduced, redacted and altered such that the only version the public — or even state officials including the Governor and the full State Board of Elections — would ever be allowed to see was a wholly sanitized 38-page version of the report.
Until now.
For the first time, we've been able to review the complete, much sought-after, unredacted version of the SAIC report which has been kept at bay from Maryland state officials…as well as the computer science and security community…as well as the election integrity community and public at large since it was originally completed in 2003.
It has been called "The Pentagon Papers of Electronic Voting Systems" by some members of the computer science and security community.
Our EXCLUSIVE access to that document — which we will be releasing in full shortly — was made possible by a patriot whistleblower. The information, some of which is detailed below, could be explosive in the final days before the Midterm Elections.
A transcript of an EXCLUSIVE unaired network interview that I carried out with Lamone — in which she tore off her microphone and cut off the interview after I dared to confront her on some of these issues — follows below as well…
Enter the world of electronic voting machines, the 2002 "cure" to 2000's hanging and dimpled chads.
It is a seamy world of secrecy, proprietary software, partisan executives "committed to helping Ohio deliver its electoral votes to the president," politicians asking programmers to design software to flip vote totals, and lots and lots of money.
And it is a world of completely inconsistent realities. Diebold and the other manufacturers insist that their machines are safe and secure, yet every single cyber security expert and computer scientist has, for years, been screaming into an empty wilderness of media attention that…
--The machines can be hacked, by the implanting of malicious code, at the factory
--The machines can be hacked during transport from the factory
--The machines can be hacked while on "Sleepovers" before the election
--The machines can be hacked (in 1 minute with a .50 cent mini bar key) during the election, and
--These machines can be hacked, at the tabulator, after the election.
What makes this SAIC report, "The Pentagon Papers of Electronic Voting" as some computer experts have described it, so important is that:
--It shows, in black and white, that what Diebold says to election officials and voters across the country is not the truth.
--It shows that there are virtually no security protocols in place for certain Diebold machines and that the recommended security protocols were purposely removed from the publicly released version of the report.
--It shows that the analyzed Diebold machines were neither functional nor secure for use in elections and raises serious doubts that they are ready for the November 7, 2006 Midterm elections.
The complete study, dated September 17, 2003, is the response to research performed by Johns Hopkins University Computer Science Professor Avi Rubin citing severe security flaws on the Diebold touch screen machines, including a surprising lack of security (encryption) on the memory cards. Maryland sought to ascertain whether their Diebold touch screen machines were, in fact, safe for Maryland voters to use. Maryland, along with Georgia, was one of the two original "showcase states" to implement Diebold's new proprietary touch-screen DRE (Direct Recording Electronic) voting machines.
But Diebold, in return for allowing their super secret, proprietary machines to be examined by the independent laboratory, insisted on two huge concessions from the State of Maryland.
First, SAIC would not be allowed to even look at the source code, the heart and guts of electronic voting machines. Second, Diebold would be allowed to go through the SAIC Report, line by line, and redact anything and everything that it felt was proprietary, had a potential for security breaches or could provide a roadmap for anyone who wanted to compromise the system.
In other words, Diebold was allowed to do whatever it wanted with the publicly released version of the report.
In addition to its value in showing the massive difference between the public and private, redacted and un-redacted faces of Diebold, this document is exceedingly relevant, and presents yet a new raft of troubling revelations, as we go into the November 7 elections. 468 federal seats and countless state and local contests are being decided by Diebold and other similar electronic voting machines. The outcome of these elections will set the direction of our country for at least the next two years.
The issue is whether or not Diebold has implemented the critical changes in its software and hardware called for by the full, genuine un-redacted SAIC Report. What makes this so very important is that the software — including the core “source code” that runs the machines that will process and count almost all of America’s vote on November 7 — is as secret as the formula for Coca Cola and recipe for Kentucky Fried Chicken. Why tabulators, for example, which act as nothing more than an elaborate abacus, employ “proprietary software”, completely hidden from election officials, Secretaries of State, Attorneys General and even the Governor of every state, is a true mystery and raises huge and angry suspicions within the computer scientist and cyber security communities.
And no one, except these four private, for-profit corporations, Diebold, ES&S, Sequoia and Hart Intercivic, is allowed to see or inspect the software (and the core source code) to EVER know if the machines have operated properly or if there was, or is, malicious software that could alter the vote.
Now we come back to Maryland's State Election Director, Linda Lamone.
It seems that Maryland’s State Board of Elections (SBE), under orders from Maryland Gov. Robert Ehrlich, hired another firm, Freeman, Craft and McGregor, to review the vulnerabilities identified in the SAIC Report, the real, unredacted version, in order to confirm to the Governor and the State that all of the issues addressed had been corrected by Diebold.
The Freeman report has been completed but Linda Lamone, despite briefing her own staff about it on August 11, 2006, refuses to disclose its contents to Governor Ehrlich and even refused to release it to her board, saying it was "proprietary" until this past Monday.
Lamone's dictatorial control over information in Maryland doesn't stop there.
Remarkably, Lamone didn't even allow Giles Berger, the Chairman of the Board of Elections, to see the original, un-redacted SAIC report. He and his staff — the people who were charged with oversight over the execution of elections and the training of local boards on these machines — have only been allowed to see the much smaller report, redacted and altered by Diebold.
What are they hiding from the State of Maryland? What are they hiding from America’s voters??
Maryland, the computer science and security community and all Americans may finally be able to find out.
As a result of the courage of a top Maryland official, we have been able to obtain the entire SAIC report, showing the Diebold edits, omissions and additions.
Now we can see, precisely, what Diebold is…and should be, afraid of!
The full State of Maryland Electronic Voting System Security Study, conducted by The SAIC and delivered to Maryland on September 17, 2003 is 152 pages plus 41 pages of appendices. The report that Linda Lamone handed to the Governor and to her own Board members was only 38 pages. 38 pages!
In total there are hundreds of edits, omissions and additions. Here are a few examples:
…TABLE OF CONTENTS PAGE VII…
Original Unredacted SAIC Report:
Chapter 5: Risk Assessment Results, Steps 2 - 9
5.1 Step 2: Threat Identification
5.2 Step 3: Vulnerability Identification
5.3 Step 4: Control Analysis
    5.3.1 Management Controls Analysis
    5.3.2 Operational Controls Analysis
    5.3.3 Technical Controls Analysis
5.4 Step 5: Likelihood Definition
    5.4.1 Likelihood Rating Rationale
5.5 Step 6: Impact Analysis
    5.5.1 Impact Rating Rationale
5.6 Step 7: Risk Determination
5.7 Detailed Risk Assessment Results
Redacted Report as Submitted:
Risk Assessment Results Chapter Completely Omitted
…EXECUTIVE SUMMARY PAGE 2…
Original Unredacted SAIC Report:
In response both SBE (Maryland State Board of Elections) and Diebold stated that the devices do not operate on the Internet, and that the State's procedural controls reduce or eliminate many of the vulnerabilities identified in the report.
Un-submitted Edited Version:
In response both SBE and Diebold affirmed that the devices do not operate on the Internet, and the State's procedural controls reduce or eliminate many, if not all, of the vulnerabilities identified in the report.
Redacted Report as Submitted:
Completely Omitted
…EXECUTIVE SUMMARY PAGE 3…
Original Unredacted SAIC Report:
Risks identified were predominantly associated with a wide variety of administrative controls for voting system security. Among management and operational controls, SAIC found risks in the controls on access to servers, administration of passwords, use of system audit logs, intrusion detection and level of security training for elections personnel.
SAIC concluded that with the management and operational procedures currently in use, the risk of system compromise is high. SAIC indicated however that these vulnerabilities can be mitigated by adequate security planning and administration.
Un-submitted Edited Version:
Risks identified were predominantly associated with a wide variety of ABSENT administrative controls for voting system security. Among management and operational controls, SAIC found risks in the controls on access to servers, administration of passwords, use of system audit logs, intrusion detection and level of security training for elections personnel.
SAIC concluded that with the management and operational procedures currently in use, the risk of system compromise is high. SAIC indicated however that these vulnerabilities can be mitigated, if not eliminated, by adequate security planning and administration.
Redacted Report as Submitted:
Completely Omitted
…PAGE 5…
Original Unredacted SAIC Report:
2.1.4 SBE does not require the secure transmission of election vote totals
"The SBE does not require encryption for the election results transmitted from the local polling sites to the LBE. Those results are transmitted over a private, point to point connection, via modem. Those transmitted results become the official results after the canvassing process is completed. A 100% verification of the transmitted totals to the original PCMCIA cards (i.e., computer memory storage of actual vote totals) or the paper totals is not performed.”
Redacted Report as Submitted:
"The SBE does not require encryption for the election results transmitted from the local polling sites to the LBE. Those transmitted results become the official results after the canvassing process is completed. A 100% verification of the transmitted totals to the original PCMCIA cards (i.e., computer memory storage of actual vote totals) or the paper totals is not performed.”
…PAGE 6…
Original Unredacted SAIC Report:
2.1.8 Controls are not implemented to detect unauthorized transaction attempts by authorized and/or unauthorized users
There is no documentation that describes security controls for detecting unauthorized transaction attempts by authorized or unauthorized users. Therefore, the application of security controls may be applied inconsistently, incorrectly or incompletely.
Since a threat source is more likely to exploit a system if the evidence of his/her actions cannot be gathered or will go undetected, failure to have controls for detection increases the likelihood of system attacks, and consequently, of system compromise:
Redacted Report as Submitted:
Completely Omitted
…PAGE 7…
Original Unredacted SAIC Report:
2.1.9: No documentation currently exists regarding appropriate access controls to the AccuVote-TS voting system
There is no documentation that identifies the process for maintaining appropriate access controls to the AccuVote-TS voting system. Without proper documentation, the consistent implementation of security controls cannot be verified or validated.
The lack of proper documentation has resulted in the vendor default settings being left in place with the default user ID in the configuration. This information (i.e., passwords) is also documented in various manuals.
Failure to correctly document access procedures, and use of vendor default passwords allows anyone with access to those documented passwords authenticated user privileges to the system. That access would allow the unauthorized user to do anything the legitimate user could do.
Redacted Report as Submitted:
Completely Omitted
…PAGE 8…
Original Unredacted SAIC Report:
2.3.1 Audit logs are not configured properly and are not reviewed
The GEMS server audit logs are not configured to log any security events (i.e., extended logging) at the operating system level and the current log size is too small. Consequently, recorded events are overwritten. In addition, the audit logs are not reviewed.
Failure to properly log and to review those logs makes it significantly more likely that an intruder’s actions will not be detected. Assurance on non-detection may encourage a possible intruder to attempt a penetration of the system.
We recommend that the Windows 2000 operating system be configured to audit all security events and the log size should be set to an appropriate size. We also recommend that the event logs be reviewed on a regular basis.
Redacted Report as Submitted:
Completely Omitted
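The log review that section 2.3.1 says is not happening can be partly automated. The following is an added example (not from the SAIC report or the original article) that checks an exported Security log for records lost to overwriting, gaps in the record sequence, and repeated failed logons; the CSV layout, the account names and the assumption that record numbers start at 1 and increase by one are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Windows 2000-era Security log event ID for a failed logon
# (unknown user name or bad password).
LOGON_FAILURE = 529

# Constructed export: record number, time, event ID, account (all invented).
SAMPLE_EXPORT = """\
record,time,event_id,account
1042,2003-09-01T08:00:03,528,gems_admin
1043,2003-09-01T08:14:10,529,gems_admin
1044,2003-09-01T08:14:19,529,gems_admin
1045,2003-09-01T08:14:31,529,gems_admin
1046,2003-09-01T08:15:02,528,gems_admin
1047,2003-09-01T09:40:55,529,operator2
1049,2003-09-01T10:02:17,528,operator2
"""


def parse_export(text):
    """Turn the CSV export into a list of typed records."""
    rows = csv.DictReader(io.StringIO(text))
    return [
        {"record": int(r["record"]), "time": r["time"],
         "event_id": int(r["event_id"]), "account": r["account"]}
        for r in rows
    ]


def review(records, fail_threshold=3):
    """Summarize what a reviewer should look at first."""
    numbers = sorted(r["record"] for r in records)
    present = set(numbers)
    # Assumption: numbering starts at 1, so anything below the oldest
    # retained record was overwritten because the log was too small.
    lost = numbers[0] - 1 if numbers else 0
    missing = ([n for n in range(numbers[0], numbers[-1] + 1) if n not in present]
               if numbers else [])
    failures = Counter(r["account"] for r in records
                       if r["event_id"] == LOGON_FAILURE)
    return {
        "records_lost_to_overwrite": lost,
        "missing_in_sequence": missing,
        "repeated_logon_failures": {a: c for a, c in failures.items()
                                    if c >= fail_threshold},
        # An empty log is itself a finding: auditing may not be enabled.
        "no_events_recorded": not records,
    }


if __name__ == "__main__":
    for name, value in review(parse_export(SAMPLE_EXPORT)).items():
        print(f"{name}: {value}")
```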
Despite its original date, and Diebold's claims that all problems have been remedied with its machines, the report is considered to be a serious "smoking gun" by the very few computer experts who have seen it. It is evidence, they say, of a very purposeful plan by Diebold to hide the operational and security flaws on the machines that count all of the votes in Maryland and Georgia and many of the votes in states across the country.
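Section 2.1.4 of the excerpts above notes that a 100% verification of transmitted totals against the memory cards is not performed. As an added example (not from the SAIC report, Diebold or the original article), the sketch below tags each transmitted precinct total with HMAC-SHA256 and then compares every total against the one read from that precinct's card. The message layout, precinct IDs, candidate names and shared key are constructed assumptions, and an HMAC provides integrity and authenticity rather than the encryption the report mentions.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: the polling site and the receiving
# board share a secret that was provisioned out of band.
KEY = b"constructed-demo-key"


def canonical(precinct, totals):
    """Serialize deterministically so both ends authenticate the same bytes."""
    body = {"precinct": precinct, "totals": totals}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_message(key, precinct, totals):
    """What a polling site would send: its totals plus an HMAC-SHA256 tag."""
    tag = hmac.new(key, canonical(precinct, totals), hashlib.sha256).hexdigest()
    return {"precinct": precinct, "totals": dict(totals), "mac": tag}


def mac_ok(key, msg):
    """Recompute the tag over the received totals and compare in constant time."""
    expected = hmac.new(key, canonical(msg["precinct"], msg["totals"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(msg.get("mac", "")))


def reconcile(key, transmitted, card_totals):
    """Check every precinct; return (precinct, reason) for each discrepancy."""
    findings, seen = [], set()
    for msg in transmitted:
        precinct = msg["precinct"]
        if precinct in seen:
            findings.append((precinct, "duplicate transmission"))
            continue
        seen.add(precinct)
        if not mac_ok(key, msg):
            findings.append((precinct, "MAC check failed"))
            continue
        card = card_totals.get(precinct)
        if card is None:
            findings.append((precinct, "no memory card record"))
            continue
        for name in sorted(set(card) | set(msg["totals"])):
            if card.get(name) != msg["totals"].get(name):
                findings.append((precinct, f"{name}: card={card.get(name)} "
                                           f"transmitted={msg['totals'].get(name)}"))
    for precinct in sorted(set(card_totals) - seen):
        findings.append((precinct, "memory card read, nothing transmitted"))
    return findings


def demo():
    """Constructed data: one clean precinct and three kinds of discrepancy."""
    cards = {
        "P-001": {"Candidate A": 412, "Candidate B": 388},
        "P-002": {"Candidate A": 150, "Candidate B": 275},
        "P-003": {"Candidate A": 301, "Candidate B": 299},
        "P-004": {"Candidate A": 90, "Candidate B": 110},
    }
    sent = [make_message(KEY, "P-001", cards["P-001"])]
    altered = make_message(KEY, "P-002", cards["P-002"])
    altered["totals"] = {"Candidate A": 250, "Candidate B": 175}  # changed after tagging
    sent.append(altered)
    sent.append(make_message(KEY, "P-003", {"Candidate A": 310, "Candidate B": 299}))
    return reconcile(KEY, sent, cards)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```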
The extreme sensitivity to investigation of Diebold voting hardware and software by Linda Lamone — the person who many say has been responsible for helping to "sell" Diebold systems to election directors across the country and even internationally — played out in a highly unusual unaired network television interview.
Lamone, the former President of the National Association of State Election Directors (NASED), was chiefly responsible for making recommendations to other states on which electronic voting machines they should use. Lamone is acutely aware of the problems associated with Diebold voting machines, yet remains steadfast in her defense of them.
In her offices in Annapolis, Maryland last month, with a Diebold touch screen voting machine proudly displayed right behind her, Lamone abruptly stopped our interview, ripped off her microphone and walked off when I asked about the source code – and whether she believed its counting software should remain secretly controlled by Diebold.
Here's a transcript of that section of my unaired October 2006 interview with Lamone…
ABRAHAMS: Alright so you don’t want to talk about the source code issues at all? (Lamone shakes head no) It is not relevant that we know that source code has been viewed?
LAMONE: (looking at someone off camera) Yeah the ITA [federal "Independent Testing Authority"] did it. And that whole system has been taken over by the National Institute for Standards and Technology [NIST] in partnership with the [U.S.] Election Assistance Commission [EAC]. We are because I am participating in this are writing new, we have written new standards against which the voting systems are going to start being tested next year. I am participating in another project with the Election Assistance Commission to write management guidelines covering security and other issues for election officials across the United States.
ABRAHAMS: The reasons honestly why I ask the questions about the source code is because there are a lot of people out there- elected officials and scientists who say even if the machines are secure when those memory cards are taken to the tabulator and those tabulators count the votes we don’t know how the votes are counted. The state doesn’t know and the state has not been able to see the source code so it is an issue of voter confidence.
LAMONE: I think you are in fantasy land. (speaking to someone off camera) I think I want to end this.
ABRAHAMS: I am not in fantasy land- I just have a couple more questions
LAMONE: No (takes off her microphone)
ABRAHAMS: You don’t want to finish? I just have a couple more questions…
LAMONE: No! (Finishes taking the microphone off and speaks to someone off camera)
ABRAHAMS: I don’t know why you don’t wish to continue this. I am asking you legitimate questions relating to the Diebold voting systems.
(Camera holds on empty chair with the Diebold Electronic Voting Machine, sitting alone, in the immediate background)
Given the voting system breakdowns and malfunctions in Maryland during the September 2006 Primaries and the upcoming November 7 Midterms, the edits to the SAIC study and the reactions of Lamone during my recent interview are of great concern to those studying electronic voting.
This is ever more so, according to the experts, because in 2002, under the Help America Vote Act (HAVA), America effectively turned its elections — and in a very real sense, its Democracy — over to Diebold and three other private for-profit corporations: ES&S (Election Systems & Software), Sequoia and Hart Intercivic.
These four corporations make the Electronic Poll (E-Poll) books that now hold America's voter rolls as well as the electronic voting machines that process America's votes and the tabulators that count them.
There is still time, for a courageous Secretary of State, Attorney General or Governor, to stand up and publicly demand that Diebold and the other manufacturers do the following:
--Prove that the many recommendations contained in the un-redacted SAIC Report have been complied with.
--In Maryland, release the Freeman, Craft, McGregor Report showing what, if anything, has been fixed since the SAIC Report.
--Make the electronic voting machines and tabulators available immediately before, during and after the November 7 election for identified, certified computer scientists from the state government (an “Election Swat Team”) to inspect for evidence of tampering, factory installed malicious code, malicious code that might have been added after leaving the factory, and malicious code that might have been added during the election.
--Make emergency Paper Ballots available for all voters who are not comfortable trusting the electronic machines. If the counties across this country have to pay Rush Fees to printers in their jurisdiction, so be it. Democracy demands nothing less.
We do not have only Diebold to blame for the critical position the un-redacted SAIC Report shows we are in. The Federal Government, despite mandating these machines, has refused to exercise any oversight over them and bears huge responsibility, from The White House to the Congress.
George Bush’s own appointee to the Chair of the EAC, the U.S. Election Assistance Commission, Rev. DeForest Soaries, quit that post, stating, rather dramatically, that, “There is no prototype. There are no standards. There is no scientific research that would guarantee any election district that there’s a machine that can be used to answer these very serious questions. And so, my sense is that the politicians in Washington have concluded that the system can’t be all that bad because, after all, it produced them. And as long as an elected official is an elected official, then whatever machine was used, whatever device was used to elect him or her, seems to be adequate. But there’s an erosion of voting rights implicit in our inability to trust the technology that we use and if we were another country being analyzed by America, we would conclude that this country is ripe for stealing elections and for fraud.”
And Congress has refused to do anything to protect the voters or the Democratic process.
Congress refused to require that the four manufacturers make the software available for inspection. (The Independent Testing Authorities, or ITAs, only perform tests on the machine’s functionality and they are chosen and paid for by the manufacturers.) They do not even look (and they’re not required to look) for vote-flipping malicious code inside the software. Their reports are also kept secret.
Congress refused to require even so-called "voter verified paper audit trails" where the voter would look at a paper receipt inside the machine (not taken home with them), verify that it was correct and then allow for it, the hard copy, to be stored separately for use in the eventuality of a recount. And, further, Congress has refused to require mandatory random audits at polling stations or any other verification that the totals that are reported by the machines are, in fact, anything close to what the voters had intended.
Moreover, it is unlikely that Congress will ever solve the problems indicated in the SAIC Report. Republican Senator Mitch McConnell (together with convicted Ohio Republican Congressman Bob Ney) led the effort to keep legislation requiring voter verified paper trails and machine transparency from ever coming to a vote in Congress, and even urged their Congressional colleagues to vote against any efforts to do so (see “Dear Colleague” Letter on March 3, 2004 and this ABCNews.com blog item).
In other words, despite the brilliant rallying cry of their hero, Ronald Reagan, "Trust but Verify", the Republican Leadership has, in fact, created a Democracy where we are asked to do one but with no effort at all to do the other.
The leaked, un-redacted SAIC Report makes it clear that these machines are not ready for our midterm elections next week and that Diebold, and, perhaps the three other manufacturers, have been fraudulently hiding serious operational and security flaws from the states and the voters.
Unless there is emergency action undertaken by our states, we could have 468 mini Florida 2000s and the control and direction of our Congress debated for many months to come. Nonetheless, absent the ability to properly inspect the software on these machines, the best safeguard may, indeed, be for everyone to vote. The larger the turnout and, conceivably, the larger the margin of victory, one way or another, the less likely these far from proven machines will be able to alter the vote in defiance of whatever exit polling there is left.
Until we can get Diebold and the other manufacturers who hold our democracy in their corporate hand to tell the truth about their hardware and software, our democracy may hinge on people doing what it is really all about anyway: Getting out and voting.