- State senators and legislators, especially in the above-named
states, are urged to launch formal hearings, with subpoena power
and witnesses under oath, to investigate exactly what restrictions
were placed on voting machine examiners by vendors and
secretaries of state.
ANOTHER BREAKDOWN IN VOTER PROTECTION
Bruce Sims of San Diego, Calif. caught this problem:
According to 1990 FEC standards section 5.3, "Access Control",
voting machine manufacturers are required to provide federal
testing labs with a "penetration analysis" (hacking analysis). Did
Diebold, Sequoia and ES&S provide this to testing labs?
If so, why didn't the labs identify the massive Diebold holes
exploited by a Finnish security expert in the 2005 Black Box
Voting "Harri Hursti" projects, and by Dr. Herbert Thompson and
Black Box Voting with the Diebold GEMS central tabulator, and
by Jeremiah Akin with the Sequoia WinEDS central tabulator?
"All software (including firmware) for all voting systems SHALL
incorporate measures to prevent ... unauthorized operations by
ANY PERSON. Unauthorized operations include, but are not limited
to: MODIFICATION OF COMPILED OR INTERPRETED CODE..."
This is exactly the "unauthorized operation" that Hursti performed
in Leon County on May 26 and Dec 13 2005 in the Black Box Voting
projects. Thompson's Visual Basic GEMS hack was also an
"unauthorized operation" of the code, and the alterations in the
Sequoia WinEDS code demonstrated by Jeremiah Akin are also
"unauthorized operations."
When public officials and vendors explain to you that these hacks
are not relevant because they require inside access, note that this
FEC requirement applies to both outsiders and INSIDERS.
DID THE VENDOR EVER SUPPLY ACCURATE "PENETRATION ANALYSES?"
"The vendor shall provide a penetration analysis," the standards
say. Setting aside for the moment the sheer stupidity of relying
only on a profit-seeking vendors assessment of their own product
weaknesses, the Diebold memos show that Diebold knew that its
customized AccuBasic code could be altered to "do just about
anything." Therefore, unless Diebold identified this in the "penetration
analysis" it was supposed to provide to the labs, it was out of
compliance with FEC guidelines.
==============
From: Guy Lancaster
Date: Thu, 18 Nov 1999
"The 1.94w firmware does not keep a checksum on the Accu-Basic
report program stored on the memory card. It sounds like that area
has been corrupted on these but without a checksum, the Accu-Vote
doesn't recognize the fact and report the error..."
From: On Behalf Of Steve Knecht
Sent: Tuesday, February 05, 2002 9:54 AM
Subject: AccuVote Tapes Results Report
> could we get an AccuBasic Report Option that just printed out the
label and the ballots cast by precinct only for the zero and election
night report...
Reply: "We can do just about anything."
states, are urged to launch formal hearings, with subpoena power
and witnesses under oath, to investigate exactly what restrictions
were placed on voting machine examiners by vendors and
secretaries of state.
ANOTHER BREAKDOWN IN VOTER PROTECTION
Bruce Sims of San Diego, Calif. caught this problem:
According to 1990 FEC standards section 5.3, "Access Control",
voting machine manufacturers are required to provide federal
testing labs with a "penetration analysis" (hacking analysis). Did
Diebold, Sequoia and ES&S provide this to testing labs?
exploited by a Finnish security expert in the 2005 Black Box
Voting "Harri Hursti" projects, and by Dr. Herbert Thompson and
Black Box Voting with the Diebold GEMS central tabulator, and
by Jeremiah Akin with the Sequoia WinEDS central tabulator?
"All software (including firmware) for all voting systems SHALL
incorporate measures to prevent ... unauthorized operations by
ANY PERSON. Unauthorized operations include, but are not limited
to: MODIFICATION OF COMPILED OR INTERPRETED CODE..."
This is exactly the "unauthorized operation" that Hursti performed
in Leon County on May 26 and Dec 13 2005 in the Black Box Voting
projects. Thompson's Visual Basic GEMS hack was also an
"unauthorized operation" of the code, and the alterations in the
Sequoia WinEDS code demonstrated by Jeremiah Akin are also
"unauthorized operations."
When public officials and vendors explain to you that these hacks
are not relevant because they require inside access, note that this
FEC requirement applies to both outsiders and INSIDERS.
DID THE VENDOR EVER SUPPLY ACCURATE "PENETRATION ANALYSES?"
"The vendor shall provide a penetration analysis," the standards
say. Setting aside for the moment the sheer stupidity of relying
only on a profit-seeking vendors assessment of their own product
weaknesses, the Diebold memos show that Diebold knew that its
customized AccuBasic code could be altered to "do just about
anything." Therefore, unless Diebold identified this in the "penetration
analysis" it was supposed to provide to the labs, it was out of
compliance with FEC guidelines.
==============
From: Guy Lancaster
Date: Thu, 18 Nov 1999
"The 1.94w firmware does not keep a checksum on the Accu-Basic
report program stored on the memory card. It sounds like that area
has been corrupted on these but without a checksum, the Accu-Vote
doesn't recognize the fact and report the error..."
From: On Behalf Of Steve Knecht
Sent: Tuesday, February 05, 2002 9:54 AM
Subject: AccuVote Tapes Results Report
> could we get an AccuBasic Report Option that just printed out the
label and the ballots cast by precinct only for the zero and election
night report...
Reply: "We can do just about anything."
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
