|
|
,
Add to My Group(s)
Add to My Group(s)
By Black Box Voting Posted by Joan Brunwasser (about the submitter)
Become a Fan (38 fans) -- Page 3 of 4 page(s)
==============
So, Diebold knew that the AccuVote results reports could be
programmed to "do just about anything" and Diebold also knew
that "firmware does not keep a checksum on the Accu-Basic
report program stored on the memory card."
Did Diebold include this KNOWN information in its "penetration
analysis"?
If so, why are the testing labs (Ciber and Wyle) still in the
business of examining elections software?
If not, why is Diebold still in the elections business?
Not only is the memory card exploit findable and documented
in the public record (at least since 2003 when the Diebold
memos were released), but another "unauthorized operation,"
the use of a Visual Basic script to hack the GEMS central tabulator,
has been widely known for years. The use of the MS Access
database to perform unauthorized functions was publicly revealed
by Black Box Voting in July 2003, but was documented by Diebold
programmers back in Oct. 2001.
Aside from the memory card problems, were the GEMS penetration
points documented in the penetration test sent by Diebold to testing labs?
REGARDLESS, WHY DIDN'T STATE AND INDEPENDENT EXAMINERS
IDENTIFY THE PROBLEMS AND SPEAK UP?
Public records obtained by Joan Quinn reveal that California voting
system examiner Steve Freeman did a five-hour "security examination"
of GEMS after the exploit holes were documented publicly by Black Box
Voting -- yet he recommended certification of the system, even after a
critical protective measure for GEMS hacking was stripped out of the
Diebold central counting system.
What is in his report on this? Black Box Voting has requested a copy,
but due to the bizzaro-world nondisclosures, we believe we may be
turned down for "security" reasons (even though it was Black Box
Voting that first publicly identified the GEMS defects, on July 8, 2003!).
FEC standards:
"Such penetration analysis will be subject to strict confidentiality
and non-disclosure by the test authority. For security reasons, the
penetration analysis shall not be routinely distributed to the jurisdictions
that program elections. The penetration analysis, however, will be
part of the escrow deposit."
HOW MANY SECRETARIES OF STATE HAVE VIOLATED THEIR OWN
STATE ELECTION LAWS?
Many states have election laws that state something similar to this:
"systems be safe from 'fraud or manipulation'."
Let us examine for a moment the responsibility of secretaries of
state under their own legal responsibility to ensure that their voting
system is "safe from fraud or manipulation."
- If the FEC standards requires that the ITA-examined and
vendor-supplied "penetration analysis" be submitted into escrow,
does the secretary of state have a duty to examine the penetration
analysis?
Become a Fan (38 fans) -- Page 3 of 4 page(s)
So, Diebold knew that the AccuVote results reports could be
programmed to "do just about anything" and Diebold also knew
that "firmware does not keep a checksum on the Accu-Basic
report program stored on the memory card."
Did Diebold include this KNOWN information in its "penetration
analysis"?
If so, why are the testing labs (Ciber and Wyle) still in the
business of examining elections software?
If not, why is Diebold still in the elections business?
Not only is the memory card exploit findable and documented
in the public record (at least since 2003 when the Diebold
memos were released), but another "unauthorized operation,"
the use of a Visual Basic script to hack the GEMS central tabulator,
has been widely known for years. The use of the MS Access
database to perform unauthorized functions was publicly revealed
by Black Box Voting in July 2003, but was documented by Diebold
programmers back in Oct. 2001.
Aside from the memory card problems, were the GEMS penetration
points documented in the penetration test sent by Diebold to testing labs?
REGARDLESS, WHY DIDN'T STATE AND INDEPENDENT EXAMINERS
IDENTIFY THE PROBLEMS AND SPEAK UP?
Public records obtained by Joan Quinn reveal that California voting
system examiner Steve Freeman did a five-hour "security examination"
of GEMS after the exploit holes were documented publicly by Black Box
Voting -- yet he recommended certification of the system, even after a
critical protective measure for GEMS hacking was stripped out of the
Diebold central counting system.
What is in his report on this? Black Box Voting has requested a copy,
but due to the bizzaro-world nondisclosures, we believe we may be
turned down for "security" reasons (even though it was Black Box
Voting that first publicly identified the GEMS defects, on July 8, 2003!).
FEC standards:
"Such penetration analysis will be subject to strict confidentiality
and non-disclosure by the test authority. For security reasons, the
penetration analysis shall not be routinely distributed to the jurisdictions
that program elections. The penetration analysis, however, will be
part of the escrow deposit."
HOW MANY SECRETARIES OF STATE HAVE VIOLATED THEIR OWN
STATE ELECTION LAWS?
Many states have election laws that state something similar to this:
"systems be safe from 'fraud or manipulation'."
Let us examine for a moment the responsibility of secretaries of
state under their own legal responsibility to ensure that their voting
system is "safe from fraud or manipulation."
- If the FEC standards requires that the ITA-examined and
vendor-supplied "penetration analysis" be submitted into escrow,
does the secretary of state have a duty to examine the penetration
analysis?
The views expressed in this article are the sole responsibility of the author
and do not necessarily reflect those of this website or its editors.
 Contact Editor |
Comments
The time limit for entering new comments on this article has expired.
This limit can be removed. Our paid membership program is designed to give you many benefits, such as removing this time limit. To learn more, please click here.
| No comments |