By Steven Rosenfeld
Posted on September 18, 2008, Printed on September 18, 2008
An election whistleblower who is a Republican, a nationally known data security and computer architecture expert, and an Ohio resident has filed a sworn affidavit in federal court that describes how Republican Party consultants in 2004 built an electronic vote counting network in Ohio that could have stolen votes to re-elect the president.
The whistleblower, Stephen Spoonamore, who has run or held senior technology positions in six technology companies, and whose clients have included MasterCard, American Express, NBC-GE, and federal agencies including the State Department and the Navy, said Mike Connell, a longtime Republican Party computer networking contractor, "agrees that the electronic voting systems in the US are not secure" and told Spoonamore in 2007 "that he (Connell) is afraid some of the more ruthless partisans of the GOP may have exploited systems he in part worked on for this purpose."
"Mr. Connell builds front end applications, user interfaces and web sites," Spoonamore said in his September 17, 2008 affidavit. "Knowing his team and their skills I find it unlikely they would be the vote thieves directly. I believe however he knows who is doing that work, and has likely turned a blind eye to this activity. Mr. Connell is a devout Catholic. He has admitted to me that in his zeal to 'save the unborn' he may have helped others who have compromised elections. He was clearly uncomfortable when I asked directly about Ohio 2004."
After a federal judge ordered those records be preserved, Jennifer Brunner, the Ohio Secretary of State elected in November 2006, discovered that ballots and other records that could determine the accuracy of the 2004 vote count had been destroyed in 56 of Ohio's 88 counties. Brunner is a Democrat; her Republican predecessor, Ken Blackwell, was targeted in the lawsuit. Brunner has since sought to delay action in the case until after the 2008 presidential election.
The Ohio Southern District Court granted a stay, or delay, to the state. However lawyers for aggrieved 2004 voters who brought the lawsuit, filed Spoonamore's declaration to argue the stay be lifted for just Connell, so he can be questioned under oath about the digital vote counting network he build in 2004.
These lawyers, notably Cliff Arnebeck of Coumbus, Ohio, and Spoonamore, believe that Republican partisans could have tapped into a key node in vote-counting networks where county-level results are compiled into state results. At that point, they believe software was used that told the vote-counting mechanism to limit the votes awarded to the Democratic presidential candidate, John Kerry, and to shift or add votes to the total for George W. Bush.
"I have followed with interest the security issues involved with electronic voting in United States," Spoonamore's affidavit said. "My understanding of the vulnerabilities of American elections to fraudulent manipulation is based upon conversations with professionals in election administration working within state governmental structures as well as information technology specialists working in private industry a contract basis for state governments."
On Election Night in 2004, the Ohio Secretary of State's website posting the official Ohio election results was hosted on Republican-controlled servers in Chattanooga, Tennessee, which also were home to many other Republican websites. According to Spoonamore this set-up "modified" more typical electronic vote counting networks, where local precincts would record individual votes and then send them to county tabulators, which in turn would send the countywide counts to a statewide tabulator.
"The vote tabulation and reporting system, as modified at the direction of Mr. (Kenneth J.) Blackwell (Ohio's former Secretary of State, a Republican and co-chair of the president's re-election campaign in Ohio in 2004), allowed the introduction of a single computer in the middle of the pathway," he said. "This computer located at a company principally managing IT Systems for GOP campaign and political operations (Computer C) received all information from each county computer (Computer A) BEFORE it was sent onward to Computer B (Ohio's statewide vote count tabulator)."
"This centralized collection of all incoming statewide tabulations would make it extremely easy for a single operator, or a preprogrammed single 'force balancing computer' to change the results in any way desired by the team controlling Computer C -- in this case GOP partisan operatives," Spoonamore said. "Again, if this out of state system had ANY digital access to the Secretary of States system it would be cause for immediate investigation by any of my banking clients."
Spoonamore's declaration discusses how it is common in detecting electronic banking fraud to find the insertion of "man in the middle" attacks, where criminals insert a computer between a network's data transmission points. He further describes "force balancing," which he said is a feature of banking industry computers, such as ATMs, which balance sums in user's accounts after deposits and withdrawals. Spoonamore said Ohio's 2004 electronic voting tabulators, made by Diebold (now Premier Election Solutions), which also makes bank ATMs, contain software that add and subtract votes. He said the subtraction feature could only be used to delete votes.
"The Diebold system is riddled with exploitable errors," he said, citing a report on the Diebold's vote counting computers commissioned by former Maryland Gov. Robert Erlich, a Republican. "Many of these concerns are almost comical from the perspective of a computer architect. One example of this: The existence of negative fields being possible in some number fields. Voting machines as custom built computers which should be designed to begin at the number Zero, no votes, and advance only in increments of 1, one vote, until they max out at the most possible votes cast in one day Š There is no possible legitimate reason that NEGATIVE votes should ever be entered. And yet these machines are capable of having negative numbers programmed in, injected, or preloaded."
If GOP cyber-partisans intercepted county vote totals and altered the statewide count reported to the public, Spoonamore said the hard drives in the county-level tabulators would contain records that would reveal that the statewide vote count was fraudulent.
"If this had happened, in order to cover up this fact, the hard drives of the county level tabulators would have to be pulled and destroyed, as they would have digital evidence of this hacking from Computer C," he said. "The efforts by the company in charge of these computers to pull out hard drives and destroy them in advance of the Green Party Recount from the 2004 election is a clear signal something was deliberately amiss with the county tabulators."