California “Hack” Test Stalled As Diebold Certification Derails
http://www.blackboxvoting.org
BREAKING – Dec. 20, 2005: California Secretary of State Bruce McPherson has laid a subtle and elegant trap. Today,
California threw Diebold Election Systems’ pending certification into a tailspin, using Machiavellian logic designed to
cast doubt on the federal testing lab process, the upcoming HAVA deadline and Diebold voting systems simultaneously
(while standing neatly aside to watch the house of cards collapse).
This move follows on the heels of a devastating hack demonstration by Harri Hursti sponsored by Black Box Voting, which
took place in Leon County, Florida on Dec. 13. This hack manipulated memory cards by exploiting design defects and
Diebold’s customized “AccuBasic” program code.
Here’s how the California trap works: In a terse letter to Diebold, State elections chief Caren Daniels-Meade writes,
“Unresolved significant security concerns exist with respect to the memory card used to program and configure the
AccuVote-OS [optical scan] and the AccuVote-TSX [touch-screen] components of this system because this component was not
subjected to federal source code review and evaluation by the Independent Testing Authorities (ITA) who examined your
system for federal qualification. It is the Secretary of State’s position that the source code for the AccuBasic code on
these cards, as well as for the AccuBasic interpreter that interprets this code, should have been federally reviewed.
“…we are requesting that you submit the source code relating to the AccuBasic code on the memory cards and the AccuBasic
interpreter to the ITA for immediate evaluation. We require this additional review before proceeding with further
consideration of your application for certification in California.”
And herein lies the trap. Federal testing authorities are supposed to rely on standards set by the Federal Election
Commission. The FEC standards prohibit “Interpreted code” – thus, the AccuBasic “interpreter” is illegal. (The entire
AccuBasic source code tree is written in a home-brewed language that Diebold programmers made up themselves, making it
more difficult for certifiers to examine.)
The Hursti memory card attack demonstrated in Leon County, Florida manipulated the voting system by passing code through
-- drum roll please -- the Diebold interpreter, using a set of programs called AccuBasic which was written in a
concocted computer language and (now it is revealed) was never examined at all by federal testing labs.
The ITA dilemma: ITAs have the choice of either recommending code that explicitly violates FEC standards (placing an
unsupportable liability burden on them) or admitting that the original certification was defective. If the ITAs retract
their recommendation, it will effectively strip Diebold of its federal certification, and may also affect its older
products.
The Diebold dilemma: Diebold can refuse to submit its code to the ITAs, but that will cost it the state of California,
continuing a pattern initiated last week when two Florida counties dumped their Diebold machines. Alternatively, Diebold
can submit its code and watch as the federal authorities sever their product line from the U.S. market.
The position is made more unstable because Diebold is now fending off stockholder suits by an armload of attorneys
piling on to solicit clients for a voting machine-related securities fraud lawsuit.
California Secretary of State letters to Diebold Election Systems:
Something terribly wrong has happened here.
American citizens have been commenting on the unacceptable performance of the ITAs since before Black Box Voting was
incorporated in 2004.
In November 2002, Dan Spillane (a former senior test engineer for VoteHere) met with Black Box Voting founder Bev
Harris.
“It’s a house of cards,” he said, showing her stacks of bogus ITA reports. “The bottom card is the certification
process.” Spillane says he flagged more than 250 system integrity errors in the touch-screen system he evaluated, yet
the system passed every level of certification. He was terminated by VoteHere, he sued, and the case was settled by
VoteHere with details kept confidential.
Here are writings by computer programmer Jim March on this subject: “The Federal testing process was subverted multiple
times by Diebold staff…we’re going to need to study the Federal certification process, in public.” http://www.equalccw.com/lewisdeconstructed.pdf (Date 9/23/2003; Jim March)
Bev Harris’s book, Black Box Voting, took the ITAs, NASED and the state examiners to task: http://www.blackboxvoting.org/bbv_chapter-6.pdf (Date 10/10/2003; Bev Harris). Harris published interviews with state voting machine examiners exposing slipshod state
certification that relies on the flawed premise of strong federal certification: http://www.blackboxvoting.org/bbv_chapter-9.pdf (Date 10/15/2003)
Riverside (Calif.) computer programmer Jeremiah Akin writes of ITA failure during testing of Sequoia voting software:
"Failure of certification process to catch major security flaws in software:…Riverside has run elections on software
that was later found to contain major security vulnerabilities that were not spotted in the certification process." http://www.exit.com/RiversideVoteTest/letters/response_to_mudslinging.pdf (Date 2/29/2004; Jeremiah Akin)
Black Box Voting published ITA reports from Ciber Labs for Diebold showing that “penetration tests” (security
evaluations) were marked “not applicable” and “not tested.” http://www.bbvdocs.org/general/ciber-reports.zip (Date: Oct. 17, 2004; Black Box Voting, Inc.)
Susan Pynchon, an ordinary citizen who now runs the Florida Fair Elections Coalition, wrote this analysis demonstrating
a breakdown in Florida's state certification process: http://www.bbvdocs.org/general/FFECreport.pdf (Date July 11, 2005; Susan Pynchon)
Ordinary citizens led this investigation, gathering momentum and evidence nationwide, resulting in the Thompson and
Hursti security tests in Florida, culminating in the California Secretary of State ordering Diebold and federal testing
labs to go clean up their room (while neatly diverting attention from state-level certification failures).
And now, a word from one of our forefathers:
"There is only one force in the nation that can be depended upon to keep the government pure and the governors honest,
and that is the people themselves. They alone, if well informed, are capable of preventing the corruption of power, and
of restoring the nation to its rightful course if it should go astray. They alone are the safest depository of the
ultimate powers of government."
-- Thomas Jefferson
ENDS
Black Box Voting is a nonpartisan, nonprofit 501(c)(3) elections watchdog group supported entirely by citizen donations.
To support our work, go to http://www.blackboxvoting.org/donate.html or mail to 330 SW 43rd St Suite K PMB 547 Renton WA 98055