SBE Hiring a Diebold Apologist Rather to Conduct Tests of Diebold Machines
PRESS RELEASE: TrueVoteMD.org
SBE Responds to Calls for Independent Testing of Diebold Machines By Hiring a Diebold Apologist Rather then a Security
Expert to Conduct Tests.
TrueVoteMD Calls Review a "Whitewash in the making"
Montgomery County: Over the past five months, a Finnish security expert Hari Hursti has tested Diebold voting systems
used in many states. He found serious security vulnerabilities both in the software, PCMCIA cards that record votes and
in the procedures surrounding the voting machines. One of these vulnerabilities was detected by a Maryland security
assessment two years ago, but Diebold never fixed the vulnerability. The newest attack is so serious that experts are
afraid to talk about its details publicly.
As these security vulnerabilities became known the Governor expressed his view that he no longer trusted the machines.
Candidates and citizens called for independent testing of the machines and John Hopkins Computer Expert Avi Rubin
challenged the State Board of Elections to find computer scientists who would verify that the system is secure.
In response to this widespread pressure from citizens, voting security experts and political leaders, including
TrueVoteMD, The Maryland State Board of Elections recently hired Freeman, Craft and McGregor Group Inc., to do an
assessment of Diebold’s voting system security. However the selection of this Florida firm to do the analysis has itself
raised questions.
Paul Craft is a partner in Freeman, Craft and McGregor. “We did some research into Paul Craft’s firm and have serious
concerns as to their qualifications as security experts. There has been a lot of criticism of Mr. Craft in regards to
the weakening of security procedures during the time he was assisting NASED in creating voting system standards in
2005,” said Alex Zeese of TrueVoteMD.org. “ We have some of the best computer experts in the country right here in
Maryland who have been very critical of the Diebold machines. The SBE should have had these well-qualified critics test
the machines in order to restore confidence of voters and political leaders. The selection of this group is a whitewash
in the making. With this firm conducting the test the outcome is predictable."
TrueVoteMD has compiled research into Freeman, Craft and McGregor, which shows a history of favoritism towards the
Diebold Corporation and a failure to recognize the seriousness of security flaws. Mr. Craft, in particular, was involved
in the revision of the national voting system standards. He consistently advocated relaxing standards in favor of the
machine manufacturers. Another partner, Steve Freeman, was hired by the state of California to check for problems on
their voting machines, after Maryland released the RABA report. The RABA Report raised concerns about the security of
the GEMS Tabulators, that tabulate the results from all the machines in a precinct/county. Despite the risks reported by
RABA and CompuWare, Freeman has repeatedly recommended the tabulators.
TrueVoteMD has published a summary of concerns about the group picked on line at: http://truevotemd.org/content/view/474/82/
It is also below:
Lamone Finds a Firm that will approve Diebold paperless voting
The SBE has announced that they will be giving a no-bid contract Freeman, Craft, McGregor Group, Inc. to test Maryland’s
voting system for the latest round of security vulnerabilities that have been exposed regarding Diebold’s TSX machines.
TrueVoteMD is concerned that the SBE has hired a firm that includes Paul Craft as a principal–rather than a firm that
has been a critic of the system – or at least someone who has not shown a bias in favor of Diebold.
The firm, Freeman, Craft, McGregor Group, Inc., was created by former Florida elections official Paul Craft. Mr. Craft
who has been a professional apologist for the Diebold system since its initial contracts were signed by the State of
Maryland -
Paul Craft: Bias in favor of Diebold, paperless voting; an advocate for manufacturers, and tied to the infamous Florida
voter purge
Mr. Craft has consistently blocked proposed security measures, in regards to paper trails. A report on an Election
Assistance Commission (EAC) meeting describes his open alliance with manufacturers of voting equipment:
Paul Craft, another member of the committee, then suggested that they hear from the vendor engineers who were in the
audience to see what they would do about the proposed standards. At this point, Dr. Semerjian, the chairman of the
committee and the Director of NIST, said that the TGDC is not in existence to approve existing voting systems, nor
rubber stamp state decisions. The committee then went on a break.
Upon return from the break Paul Craft announced that he had talked to the vendors and that they did not like some of the
standards. A vote was then held and those standards were deleted.
Source: http://www.votetrustusa.org/blogs/nist
Another example is a January 28, 2005 letter by Fernando Morales to the Election Assistance Commission (EAC) entitled:
Paul Craft’s Questionable Behavior. The letter claims that Paul Craft has consistently watered down security measures in
favor of the machine manufacturers rather then take the warning of security experts into consideration. See:
http://vote.nist.gov/ecposstatements/morelascraftcomment.pdf#search='paul%20craft%27s%20questionable%20behavior'
- Further, reports link him to the controversial Voter Roll Purge in Florida in 2000 and 2004. Vanity Fair reports that
in 2000 Paul Craft was told about how the purge would adversely affect minorities in Florida yet did nothing to stop the
purge from occurring, despite being in a position to do so. See:
http://www.makethemaccountable.com/articles/The_Path_To_Florida.htm
- Paul Craft is not a qualified security analyst; his degree is in Hotel Management.
His full resume can be found at: http://web.archive.org/web/20050308061207/paulcraft.net/resume.html
Steve Freeman: Approves machines despite security vulnerabilities
Steve Freeman also shares a bias in favor of electronic voting. He has shown his willingness to ‘look the other way’ and
certify election systems despite security vulnerabilities. The description below demonstrates his work in California:
VOTING MACHINE EXAMINERS CHICKENING OUT OF SENATE INVESTIGATION
It took Dr. Thompson less than five minutes to identify the fatal flaw in the GEMS tabulator. Both federal and state
certifiers should be asked why they have repeatedly approved GEMS for certification. Did they not understand that a
Visual Basic Script can be used to hack a Microsoft Access application? Did they not know GEMS uses Microsoft Access? Do
they believe that using a voting program that is hackable with a simple script is secure?
The Steve Freeman time sheets reveal that he specifically billed the state of California for testing in response to the
RABA Technologies report and the CompuWare report. His time sheets show an additional five-hour examination of GEMS
security. The August 18, 2004 CompuWare report rates the GEMS risk High,High, High and the RABA report says that GEMS
should be rewritten entirely.
Freeman needs to be asked, under oath, why he repeatedly recommended GEMS for certification even after numerous reports
detailed its security flaws. As recently as November 2005, Freeman recommended GEMS for certification again, this time
admitting that there were defects but saying they were planning to find a way to mitigate them. (However, California has
not yet mitigated the defects, but will continue to use GEMS.)
Source: http://www.bbvforums.org/forums/messages/1954/19304.html
Kate McGregor: epitomizes the revolving door between ‘regulators’ and private industry.
Kate McGregor formerly worked for David Drury of the Florida Bureau of Voting System Certification. She initially
entered the group as a silent partner while working for the Florida state government. In an email exchange from Paul
Craft to Bruce MacDannold Mr. Craft reveals that he and Steve Freeman have a silent partner named Kate MacGregor. Craft
states McGregor is a current employee of the state of Florida but is currently working on her exit strategy, i.e.
putting in place contracts for when she leaves office.
On January 5, 2006 Craft states:
"Thus far in the consulting practice, in addition to investment, her involvement has included helping me decide upon and
create the corporate structure, developing marketing plan, and assembling proposals, I anticipate she will probably come
on board full time, sometime in February. We are planning for her to allow us to expand the practice in the areas of
best practices, Security Procedures, acceptance testing, System Validation, and Disaster Recovery."
This can be found at: http://www.washburnresearch.org/archive/FCMGroup/CraftMcGregor01.pdf
###
Alex Zeese
Grassroots organizer
www.TrueVoteMD.org