Washburn's World

My take on the world. My wife often refers to this as the WWW (Weird World of Washburn)

My Photo
Location: Germantown, Wisconsin, United States

I am a simple country boy transplanted from the Piehl Township in northern Wisconsin to the Milwaukee metropolitan area who came down "sout" in 1980 for college and have stayed in the area since.
If this blog is something you wish to support, consider a donation.

Monday, November 28, 2005

WI SEB staff taking a dive

The staff of the Wisconsin State Election Board is taking a dive on voting machinery. Here is the staff report. The last 2 paragraphs summarize the document well.

Using these questions as a guide, Elections Board staff recommends approval of the Diebold and AccuPoll voting systems. Each system completed the mock election and were able to accommodate the ballot style and voting requirements of the Wisconsin election process. In addition, each system includes several accessibility features which will allow individuals with disabilities to vote.
Elections Board staff recommends approval of the [AutoMark/ES&S system] contingent on a successful staff test of the November general election.

I will deal with the ES&S exemption first. AutoMark blended with the ES&S unity system only has a 1990 qualification number, N-1-16-22-12-001 (1990). The system is not qualified under the 2002 Voluntary Voting System Guidelines. No HAVA money for you!! What the staff is recommending is this: because ES&S has gotten some weak-minded municpal clerk to agree to buy a system which is unqualified at the federal level, the Board should approve ES&S anyway. Inablility to get federal certification and bamboolzing municipal clerks being "Good Cause" under ElBd7.03(5). This is manifestly unfair to AccuPoll, Diebold, Populex and other vendors who have abided by Wisconsin's fair but rigorous approval process.

With regards to Deibold and AccuPoll, the staff report looks objective. It is not. It is biased in its ommissions.

AccuPoll Ommissions:
AccuPoll uniquely identifies EVERY ballot receipt with a 34 character aphabetic code. This 34-character ballot identifier is then time stamped to the minute on the the audit log report. I will bet on the raw database record in MySQL, the time stamp is to the second or fraction of a second. If the sequential nature of the Diebold system is a problem under WI 5.91(1), then time stamping to the minute or better is moreso a violation. I personally made Kris Frederick of the WI SEB staff aware of this. Why is this not mentioned in the staff report? Also, on the demonstration of November 17, 2005, it was pointed out the AccuPoll system does not meet requirement WI 5.91(18) because there is no guarantee the paper ballot receipt will not walk out of the polling place. This is because the scrap of paper is not a ballot. It is a ballot receipt. As such it can printed in an absurdly small font and on any flimsy paper available. But, also a ballot receipt is in the same category legally as other election day souveniers (e.g. “I voted” stickers and sample ballots).

Diebold Ommissions:
I cannot say it better than Seven reason not to Certify Diebold TSx. The staff is aware of all of these issues and has not investigated a single one.

On the specific Wisconsin front Diebold has yet to complete an application for certification. ElBd7.01(1)(c) clearly states ALL manuals are to be delivered. As of Friday November 25, 2005. The following manuals are still to be delivered:
Express Poll 4000 Election Administrators' Guide Rev 2.0
Express Poll 4000 System Acquisition Rev 2.0
Express Poll 4000 Training Programs Rev 2.0
Gems 1.18 Client Security Policy Rev. 3.0
Gems 1.18 Server Administration Guide Rev 3.0

ElBd7.01(1)(e) clearly states ITA reports for ALL software are to be delivered. As of Friday November 25, 2005. The following ITA reports are still to be delivered:
ITA report on VCProgrammer and JResultsClient. The VCProgrammer a piece of PC programming and requires a report from a NASED/EAC approved software ITA. The report from the hardware ITA is void for the PC program, VCProgrammer. The ITA report for JResultsClient is still missing as well.

ElBd7.01(1)(b) clearly states states a complete defintion of the system is to be delivered. This is still missing as well. There is no documentation detailed enough to identify what system Diebold delivered to the Staff, let alone to a municipal clerk. This vendor lost a $2.6 million dollar lawsuit for delivering the incorrect software version. For Diebold system specification is critical.

No mention of these omissions, even though I have been in email conversations with the staff since Octoer 31, 2005 on these and other specific issues.

The security defect identified by Harri Hursti not only exists but exists in the current verison of both the optical scanner and the DRE touch screen. This defect invalidates this system under the 1990 NASED standards. Specific to Wisconsin this prevents this system from meeting the requirements of 5.91(11) [correctly and accurately admin elections].

I recommend NO to all 3 systems and urge the board to join with the growing pressure on congress to delay the January 1, 2006 selection deadline for HAVA.

Saturday, November 19, 2005

The Vendor Season is Approaching

There are only 6 weeks left to the January 1, 2006 HAVA money deadline. The activity by the vendors of electronic voting machinery will become frentic. The demands on the time and skill of anti-electronic voting activists and organizations will increase as well.

If you have friends or acquaintences who complain about the dangers of electronic voting machines but do no act, persuade them to give money to Black Box Voting, VotersUnite.org, VerifiedVoting.com, or any organization or activist specific to the topic of electronic voting machinery.

These organizations will need this help during this final vendor dash to the HAVA pot of federal gold.

Saw the AccuPoll Demonstration

The public demonstration of the AccuPoll system was on display during the evening on Nobember 17, 2005. The system is better from a technology point of view than Diebolds. To start with the operating system is Linux Red Hat and the data base is the open source MySQL. Excellent choices from the computer security point of view. Also many of the main configuration files and parameters are hashed and the hashes prominently and frequently printed on reports.

The star configuration with the EtherNet connection is troubling. In every precinct there is a precinct workstation which is connected to each and every voting station in the precinct/ward. Thus the name star configuration. The precinct machine is at the center with a communication line to each voting station. There is a great of communication on each of these communication lines.

There is an authentication protocol between the central precinct machine and each of the voting stations as the voting station connects to pecinct central. This authentication is actuall a good idea. if the software hashes (MD5) do not match the expected values then the system does not initialize. since the system recognizes the software is not approved.

When the vote is cast the ballot info is sent precinct central as part of the "stored in multiple locations" architecture. Again, a good idea. The more data sinks the more involved any machine manipulations of the vote must become.

There is program on the precint central which can "spoil" out a ballot on both the central machine and the data stores on the voting station. It was unclear. But, I am very sure the record is not deleted but is marked as spoiled in the MySQL database. This has got to be a weakness; the protocol of which can be exploited. Can I selective spoil out a pecentage of ballots is select locations to skew the city-wide reports?

The main problem is the Voter Verified Paper Audit Trail is a ballot reciept which the elector handles and could leave the polling place with. If even 1 ballot recipt can leave, WI 5.91(18) is not met since neither a count nor recount can be done using the paper. WI 5.91(1) prevents an election official from handling the ballot receipt. and since it is not a ballot, there is nothing in 5.64 to prevent this ballot receipt from leaving the polling place. Tis is a problem for the AccuPoll system I saw. A receipt under glass scheme would seem to be a solution. but, it is a solution AccuPoll does not have at this time.

As for the electronic protions. All of the communication is IP (internet protocol). Even the short cables for the single voting station were a pain in the but. It is a given that some polling location is gooing to go with a wireless connection between the central precinct machine and the 6-12 voting stations in the polling place. WI-FI reduces the physical danger of tripping, greatly simplifies the setup of a polling place and allows for great flexibility in seting up a polling place. From a security, election integrity point of view WI_FI is a fraudster's delight.

Tuesday, November 08, 2005

Diebold Application Update

After some wrangling I was able to view 626 redacted pages of the th application packet submitted by Diebold as part of the company application to be approved to sell voting equiptment in Wisconsin. The redactions were to protect the alleged trade secrets contained in the documents.

The most interesting results of this 1 hour inspection is the discovery that there were at least 12 documents missing from the application packet. There was not a single users manual, technical manual, election supervisors's manual or traing manual included in the package of material submited to the Wisconsin State Elections Board. Yet, all 12 of the missing documents are listed in the report by Ciber, Inc. purporting to document the Diebold AccuVote TSx System is qualified under the NASED/EAC 2002 Voluntary Voting System Guidelines. All 12 are required by the adminstraive rules in ElBd7.01. No one on the staff of the WI SEB noticed the absence between August 29, 2005 and my notification to them of the ommision on November 1, 2005. Two months is a long time to do "testing" without any manuals describing the system under test.

Even better is the fact the qualification number, N-1-6-22-22-001 (2002), was issued a month prior to the completion of the testing by the independent test authorities. The qualification number, N-1-6-22-22-001 (2002), for some unspecified AccuVote TSx system was issued on June 27, 2005. The 3 by ITA reports prepared Wylie labs where created on August 4, 2005. The ITA report by Ciber Inc was created on August 3, 2005. If you want to ask questions on this, I direct you to: Brian Hancock, the ITA Secretariat at bhancock@eac.gov or (866) 747-1471.

The remark about unspecified is because none of the ITA reports give a specific description of the system tested and qualified under the number N-1-6-22-22-001 (2002). The descriptions given are so incomplete the WI State Elections Board has no way to know if the system submitted for approval is or is not a system covered by the qualification number, N-1-056-22-22-001 (2002). For example the official, ITA description for the GEMS 1.18.24 central tabulator software is listed by Ciber as GEMS.EXE 5/13/2005.

That is it!!

In other words ANY file named GEMS.EXE which has a date of 5/13/2005 and whose version number as returned by a call to GetFileVersionInfo() is 1.18.24, MUST be the correct version of the central tabulation software used on ALL Diebold systems. Not even the nearly useless CRC-32 value of this EXE was recorded!! Moreover, not a single one of the supporting DLL's linked to GEMS.EXE was listed, documented or apparently tested.

If I were a DESI shareholder I would be annoyed Diebold Election Systems, Inc. paid for such shoddy work from Ciber, Inc.