- State senators and legislators, especially in the above-named states, are urged to launch formal hearings, with subpoena power and witnesses under oath, to investigate exactly what restrictions were placed on voting machine examiners by vendors and secretaries of state.
ANOTHER BREAKDOWN IN VOTER PROTECTION
Bruce Sims of San Diego, Calif. caught this problem:
According to 1990 FEC standards section 5.3, "Access Control", voting machine manufacturers are required to provide federal testing labs with a "penetration analysis" (hacking analysis). Did Diebold, Sequoia and ES&S provide this to testing labs?
If so, why didn't the labs identify the massive Diebold holes exploited by a Finnish security expert in the 2005 Black Box Voting "Harri Hursti" projects, and by Dr. Herbert Thompson and Black Box Voting with the Diebold GEMS central tabulator, and by Jeremiah Akin with the Sequoia WinEDS central tabulator?
"All software (including firmware) for all voting systems SHALL incorporate measures to prevent ... unauthorized operations by ANY PERSON. Unauthorized operations include, but are not limited to: MODIFICATION OF COMPILED OR INTERPRETED CODE..."
This is exactly the "unauthorized operation" that Hursti performed in Leon County on May 26 and Dec 13 2005 in the Black Box Voting projects. Thompson's Visual Basic GEMS hack was also an "unauthorized operation" of the code, and the alterations in the Sequoia WinEDS code demonstrated by Jeremiah Akin are also "unauthorized operations."
When public officials and vendors explain to you that these hacks are not relevant because they require inside access, note that this FEC requirement applies to both outsiders and INSIDERS.
DID THE VENDOR EVER SUPPLY ACCURATE "PENETRATION ANALYSES?"
"The vendor shall provide a penetration analysis," the standards say. Setting aside for the moment the sheer stupidity of relying only on a profit-seeking vendors assessment of their own product weaknesses, the Diebold memos show that Diebold knew that its customized AccuBasic code could be altered to "do just about anything." Therefore, unless Diebold identified this in the "penetration analysis" it was supposed to provide to the labs, it was out of compliance with FEC guidelines.
==============
From: Guy Lancaster Date: Thu, 18 Nov 1999
"The 1.94w firmware does not keep a checksum on the Accu-Basic report program stored on the memory card. It sounds like that area has been corrupted on these but without a checksum, the Accu-Vote doesn't recognize the fact and report the error..."
From: On Behalf Of Steve Knecht Sent: Tuesday, February 05, 2002 9:54 AM Subject: AccuVote Tapes Results Report
> could we get an AccuBasic Report Option that just printed out the label and the ballots cast by precinct only for the zero and election night report...