A Devastating UConn Report on US Fascists' Vote-Rigging Machines

Started by Adam_Fulford, Oct 31 06 05:25

Previous topic - Next topic

Adam_Fulford

 [a  href="vny!://avi-rubin.blogspot.com/"]Excerpt [/a]written by [a  href="vny!://beta.blogger.com/profile/05727241711132643386"]Avi Rubin[/a]

Tuesday, October 31, 2006                      [a name="571618047541255125"][/a]            [h3 class="post-title"][a href="vny!://avi-rubin.blogspot.com/2006/10/uconn-voter-center-report-diebold-av-os.html"]UConn VoTeR center report: Diebold AV-OS is vulnerable to serious attacks[/a]                      [/h3]A [a  target="new" href="vny!://voter.engr.uconn.edu/voter/Reports.html"]powerful new report[/a] was released yesterday about the Diebold AccuVote Optical Scan voting terminal (AV-OS). This is a thorough and independent security analysis of the machines that will be used in Connecticut to count votes on November 7. It is based on hands-on experimentation with the system, and is thus more like the Princeton study of the Accuvote TS than my team's earlier source code analysis. Like the Princeton team, the UConn researchers had no access to any internal documentation from the vendor, no source code, or any other information that would have given them an advantage over a random attacker who happened to get access to the machine. Everything they needed to know to perform the attacks was done by reverse engineering the system and observing its behavior. The evaluation was done as part of an evaluation on behalf of the state of Connecticut. They should be commended for not only allowing, but for requesting this study. The report published on their web site explains the attacks in enough detail to be convincing, but some low level details are reserved for another copy of the paper that is only available from the authors by request.

[a href="vny!://avi-rubin.blogspot.com/"]CLICK HERE to read rest of article[/a]
 

Adam_Fulford

 Adam_Fulford wrote:

From [a  href="vny!://www.bradblog.com"]www.bradblog.com[/a] founded by Brad Friedman who dared honestly report what the Overwhelmingly Fascist US Media, for so long, has failed to do.
 [a  href="vny!://avi-rubin.blogspot.com/"]UPDATE: ComputerWorld has now posted a complete package on E-Voting issues compiled and edited by CW's Security Section editor, Angela Gunn. Tons of stuff available. ..an excellent new resource. It's [/a][a  href="vny!://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9004591&intsrc=hm_ts_head"]all available from right here...[/a]


From
[a  href="vny!://www.blackboxvoting.org"]www.blackboxvoting.org[/a] founded by heroic American patriot Bev Harris:

[font face="Verdana,Arial,Helvetica" size="2"]Mail-in ballots are counted by voting machines. In some locations, they are actually entered into touch-screens! In most locations, they are counted by optical scan machines, and some of these (Diebold) have crucial checks and balances disabled.
 
This article exposes several problems with mail-in voting, and tells you what you can do to protect your mail-in vote.  
 
[font color="#ff0000"]Let's start with this: Absentee ballots may require MORE POSTAGE than you think.[/font]  
 
In an election last year in King County Washington, voters were surprised to learn that they needed to affix two stamps, not one, to their absentee ballot envelope. This year Black Box Voting has seen anecdotal evidence that ballots in Florida and California require two stamps, not one, and this is not always clear to the voter.
 
What's the remedy? Unless this is incredibly, indelibly, as clearly marked as it can possibly be, demand that your jurisdiction pick up the cost for any ballots mailed in with insufficient postage. They did this in Washington State and they can do this in your jurisdiction. And, check the postage required for your own mail-in ballot. If it requires two stamps and is not clearly marked, please propagate the information to at least five communications outlets: Local media, election reform groups, political parties, candidates, blogs, e-mail lists.
 
The best solution is probably to start insisting that your local jurisdiction go to Business Reply Mail for mail-in ballots. This would cost the county money for postage, but provides a very good tracking and a built-in accounting system that would solve other problems as well.
 
[font color="#ff0000"]Next problem: Very serious incidents can occur with incorrect ballot inserts.[/font]  
 
In a California location where two different ballots are supposed to be inserted in each envelope mailed to the voters, some voters got only one, others got two of the same thing, and still others report ballots with some of the candidate names incorrect or left off. Why is this so serious?
 
It's a very sticky problem because the remedy is so difficult. Correctly implemented mail-in ballot systems protect the privacy of your vote, by using a privacy envelope inside the return envelope. While the return envelope has information so they can authenticate your right to vote, the interior envelope containing the ballots is then separated away from the authentication envelope as soon as your right to vote is verified.
 
Herein lies the problem when wrong ballot inserts are sent out: You can't check to see if people got the correct insert without violating their privacy, and you can't remedy the problem if you check after the vote is rendered anonymous.
 
What to do about it: In any location where incorrect ballot insertion is discovered, citizens and candidates should to document the numbers on the problem by observing the absentee counting process and also insisting that every one of the incorrect inserts be documented. (And this won't even be possible when ballots for the wrong precinct are inserted). Depending on the nature of the findings, this problem could justify re-running an election.
 
[font color="#ff0000"]Next problem: Was your signature accepted? [/font]
 
When voting by mail, the signature on your voter registration card is compared with the signature on your mail-in envelope. This is often done with software like VoteRemote, which pulls the signature from your voter registration up on a computer screen and pulls the signature on your mail-in envelope onto the same screen, showing them side by side.
 
The jurisdiction has the option of having human eyes compare the signature or having the software do the comparison. If the software compares, it can be set strategically to various tolerances of acceptance. Whether humans or machines compare the signature, how do you know whether YOUR signature was accepted?
 
This is a question we haven't gotten satisfactory answers to. We've been told that every rejected signature goes through a panel before ultimately deciding whether it will count or not, and one jurisdiction (Whatcom County Washington) told me they notify the voter if the signature isn't accepted, but I don't believe most jurisdictions ever tell the voter if the signature was rejected.
 
I think of my mother, who loves to vote absentee. She signed her voter registration card many years ago. Is it possible that every one of her votes in recent years has been discarded? If so, how will she know?
 
What to do about it: You should contact your local jurisdiction and ask this question. E-mail the answer to Black Box Voting, and tell us what county or township you are in.
 
By the way, there is an interesting notation in some of the literature for VoteRemote signature comparison software, and there is also an interesting question arising in state database procedures. VoteRemote advertises that it can write data INTO the voter registration database, but doesn't specify what data is being written in. One notation I have seen indicates that a signature can be "updated" in the voter registration database with software for electronic signature checking, and/or software for electronic pollbooks.
 
Because the software is secret, written by private companies, we don't know the answer to this. If your signature can be "updated" or overwritten by software, that is a security problem. There should never be an instance of "updating" your signature without your express permission.
 
[font color="#ff0000"]Next problem: Did your mail-in ballot arrive at the elections division?[/font]  
 
Some jurisdictions allow voters to confirm whether or not their ballot arrived (but this doesn't confirm whether their signature was accepted). In other jurisdictions, there is no easy way to find out whether the ballot you mailed in ever got to the elections division.
 
In Broward County, Florida, an extraordinary citizen named Ellen Brodsky spent months trying to track down over 50,000 missing mail-in ballots. In King County, Washington, bags of ballots were once found years after they were supposed to be delivered. Also in King County, incoming ballots were being taken from the U.S. Post Office to a private company called PSI Group, without an accounting of how many arrived at the Post Office, how many arrived at PSI Group, vs. how many arrived at the Los Angeles County Elections division.
 
What to do: Call your local jurisdiction to find out the procedures for you to verify that your ballot was received. If your county cannot provide you with this information, contact Black Box Voting and also take action to change this policy (but that won't help you in the Nov. 2006 election).
 
[font color="#ff0000"]Next problem: Chain of custody of the mail-in ballots[/font]
 
Election officials have told us that this is one of their primary concerns. For example, after the ballots are separated from the envelopes that identify the voter, can new ballots be added or substituted? And what about the storage of absentee ballots as they are coming in, before they are counted? And transportation: In King County, Washington, as many as 60,000 ballots per day are received -- perhaps even more. Who's driving the truck, and what is protecting these ballots enroute?
 
What to do: This is where extraordinary acts of citizenship are in order. We often find that what election officials TELL us is happening to protect the ballots is not the whole truth -- and sometimes it's not the truth at all. One valuable contribution you can make to election integrity in your jurisdiction is to organize a small posse to try and actually observe each step in the chain of custody. Here is a Citizens Tool Kit module with ideas for you:
[a href="vny!://www.blackboxvoting.org/toolkit-chain-of-custody.pdf" target="_blank"]vny!://www.blackboxvoting.org/toolkit-chain-of-custody.pdf[/a]
 
Report back on any problems you identify in the "Reports from the Front Lines" section of these forums, and/or propagate the information to at least five communications targets: A blog, a listserve, the media, some candidates, your local election reform group, a national elections watchdog group, and one of the incident reporting telephone lines.
 
[font color="#ff0000"]Next problem: Ballot printer accountability[/font]
 
It used to be that all ballots were serial numbered. There was a careful accounting of how many ballots were printed, in serial-numbered order, and what happened to each ballot. The serial number could, of course, be used to tie a voter to a ballot, so it was affixed to the ballot with a perforation. The serial number was accounted for, then removed and saved in a separate secure ballot box. Not so any more!
 
Records obtained by Black Box Voting indicate that the Diebold ballot printing company located in Everett, Washington was budgeting to overprint by as many as 25 percent of what they delivered to the county. Employees of the ballot printing company asked US -- what happens to these extra ballots that are being printed up?
 
Well that's a good question. While counties and townships are expected to account for their ballots (though the accounting may or may not match -- that's another issue!) -- the ballot printer is usually under no obligation to account for what they do with extra ballots.
 
Having extra ballots floating around anywhere significantly jeopardizes the security of the election. It allows for back-room deals with insiders to replace ballots if a recount occurs, to make sure they "match" the results that were given out.
 
What to do: Insist on a return to serial-numbered ballot printing with accurate, careful accounting by all parties.  
 
[font color="#ff0000"]Next problem: Voting machine issues[/font]
 
Absentee ballots are usually run through an optical scan voting machine. These machines have, in the past, produced tapes that give the results. These voting machine results tapes can then be compared with the central tabulator.
 
Diebold, at least, has disabled this results tape in its absentee counting machines, so that the ONLY results are the data held in the GEMS central tabulator machine -- a system so hackable that we once taught a chimpanzee to alter its audit log; this is the system I taught presidential candidate Howard Dean to manipulate.
 
The absentee votes are at particular risk in the GEMS central tabulator, for the following reason: Many absentee votes are counted after Election Day. By this time, you know exactly how many votes are needed to win. The simplest way to manipulate the tabulator to tweak absentee votes for a particular candidate is this:
 
- Each candidate is assigned a number in the GEMS system
 
- By flipping the number, you effectively flip the vote.  
 
- You can flip votes back and forth as often as needed simply by reversing the candidate numbers in the GEMS database.
 
Yes, that requires inside access. But we should NOT be required to "trust" our government. Instead, we need to trust but verify, and the only way we can begin to verify the absentee central tabulator is to get the actual computer data files for each time the results were run.
 
What to do: Request the GEMS computer files for each time a report was run. You can find out when reports were run by getting the reports themselves, and also by looking at the GEMS audit log -- that that can be easily edited. The computer file should be saved as a backup file each time a report is run. You should get a copy of each of these iterations of the backup files. It's circumstantial evidence, it's tamperable, but it's probably the best you're going to get.
 
And then, isn't it time to vote Diebold off the island?
 
[font color="#ff0000"]Next problem: Recounts[/font]
 
Mail-in votes are often counted in non-homogenous batches, and when candidates seek a recount, they are quoted exceedingly large sums because, they are told, it is impossible or very costly to sort out the ballots to obtain just their district.
 
What to do about it:
 
- One solution is to insist that the local elections division purchase an off-the-shelf scanner, scan all the ballots, and post the pdf or tiff files online so that citizens can look at all the ballots themselves. Or, allow citizens to get copies of all these ballot scans on CD or DVD.
 
This is an imperfect solution but would allow citizens to develop ballot-sorting programs themselves to sort those images so candidates could look at their own ballot evidence without forking out half a million dollars.
 
[font color="#ff0000"]Recommendations for mail-in voting:[/font]
 
1. If you have any kind of a paper trail available in your location, vote at the polling place.
 
2. If you're going to do mail-in voting, treat democracy as a contact sport. Get in there and watch what's going on. Don't take anyone's word for what they say they are doing -- watch it yourself. Don't cede the right to oversee over to an assigned monitor or political party observer -- insist on the right to oversee it yourself, as a citizen, as the owner of your government.
 
[font color="#ff0000"]VOTE:[/font] If you are disenchanted with the current election system, go on the offense, don't retreat -- and that means, VOTE!
 
Put your vote into the record and then hunt down evidence that ALL votes were received and counted accurately.
 
# # # # #
 [/font]
[a href="vny!://avi-rubin.blogspot.com/"][/a]