So, Diebold knew that the AccuVote results reports could be programmed to "do just about anything" and Diebold also knew that "firmware does not keep a checksum on the Accu-Basic report program stored on the memory card."
Did Diebold include this KNOWN information in its "penetration analysis"?
If so, why are the testing labs (Ciber and Wyle) still in the business of examining elections software?
If not, why is Diebold still in the elections business?
Not only is the memory card exploit findable and documented in the public record (at least since 2003 when the Diebold memos were released), but another "unauthorized operation," the use of a Visual Basic script to hack the GEMS central tabulator, has been widely known for years. The use of the MS Access database to perform unauthorized functions was publicly revealed by Black Box Voting in July 2003, but was documented by Diebold programmers back in Oct. 2001.
Aside from the memory card problems, were the GEMS penetration points documented in the penetration test sent by Diebold to testing labs?
REGARDLESS, WHY DIDN'T STATE AND INDEPENDENT EXAMINERS IDENTIFY THE PROBLEMS AND SPEAK UP?
Public records obtained by Joan Quinn reveal that California voting system examiner Steve Freeman did a five-hour "security examination" of GEMS after the exploit holes were documented publicly by Black Box Voting -- yet he recommended certification of the system, even after a critical protective measure for GEMS hacking was stripped out of the Diebold central counting system.
What is in his report on this? Black Box Voting has requested a copy, but due to the bizzaro-world nondisclosures, we believe we may be turned down for "security" reasons (even though it was Black Box Voting that first publicly identified the GEMS defects, on July 8, 2003!).
FEC standards:
"Such penetration analysis will be subject to strict confidentiality and non-disclosure by the test authority. For security reasons, the penetration analysis shall not be routinely distributed to the jurisdictions that program elections. The penetration analysis, however, will be part of the escrow deposit."
HOW MANY SECRETARIES OF STATE HAVE VIOLATED THEIR OWN STATE ELECTION LAWS?
Many states have election laws that state something similar to this: "systems be safe from 'fraud or manipulation'."
Let us examine for a moment the responsibility of secretaries of state under their own legal responsibility to ensure that their voting system is "safe from fraud or manipulation."
- If the FEC standards requires that the ITA-examined and vendor-supplied "penetration analysis" be submitted into escrow, does the secretary of state have a duty to examine the penetration analysis?
